Thanks for answering.
Your suggestion is very appealing.
However, I am not getting the expected result: input.index is not behaving well.
I have made the following statements in filebeat.yml and nginx.yml.
# vi /etc/filebeat/filebeat.yml
filebeat.config.modules:
path: /etc/filebeat/modules.d/*.yml
output.elasticsearch:
hosts: ["localhost:9200"].
# vi /etc/filebeat/modules.d/nginx.yml
- module: nginx
# access logs
access:
enabled: true
var.paths: ["/var/log/nginx/access.log"].
input.index: "filebeat-else02-httpd-access-%{+yyyy.MM.dd}"
# Error logs
error:
enabled: true
var.paths: ["/var/log/nginx/error.log"]]
input.index: "filebeat-else02-httpd-error-%{+yyyy.MM.dd}"
Restarting Filebeat yields the following result.
# curl -X GET "localhost:9200/_cat/indices?v"
health status index index uuid pri rep docs.count docs.deleted store.size pri.store.size
... snip ...
green open filebeat-else02-httpd-access-2022.08.02 MhfoSGBnRt-Kenui4hzI4Q 1 0 0 0 208b 208b
yellow open filebeat-7.12.0-2022.08.02-000001 6LiS2pIER0etyxqqL-Y3wQ 1 1 422802 0 289.9mb 289.9mb
... snip ...
Thanks to input.index, we have created an index with the given name.
However, the document is not added to that index, but to the default filebeat-7.12.0-2022.08.02-000001.
I would like the document to be added to the index with the specified name.
What action is needed?