Filebeat's nginx module feature looks very attractive.
However, the index name seems to default to a form like filebeat-7.12.0-2022.07.29-000001.
On nginx, I have access.log and error.log, but I can't distinguish between them, so I want to change the index name.
How can I do this?
I found the following article but cannot set the index name properly
I have added the following statement
# vi /etc/filebeat/modules.d/nginx.yml
- module: nginx
access:
enabled: true
var.paths: ["/var/log/nginx/access.log"]
# vi /etc/filebeat/filebeat.yml
... snip ...
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["localhost:9200"]
indices:
- index: "else-httpd-access-%{+yyyy.MM.dd}"
when.equals:
event.module: "nginx"
- default: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
... snip ...
However, I get the following error.
# tail /var/log/filebeat/filebeat
... snip ...
2022-07-29T19:27:17.106+0900 ERROR instance/beat.go:971 Exiting: error initializing publisher: missing output.elasticsearch.indices.1.index
... snip ...
I would like to have index names such as {my service name}-httpd-access-{date}, {my service name}-httpd-error-{date} for each access.log and error.log, and for each outgoing server.
For example, kin-httpd-access-2022.07.29, kin-httpd-error-2022.07.29, els-httpd-access-2022.07.29, els-httpd-error-2022.07.29, etc ...