Having an application field from each filebeat you can configure the index name to be index => "%{[application]}-%{[@metadata][version]}-%{+yyyy.MM.dd}" (this should create an daily index with the beats version in the index name). Then in kibana you can create index patterns filebeat-* and webpage-*.
The settings/names are for use with Filebeat and Logstash. Logstash did create an index named %{[application]}, because some event was missing the application field. You must ensure all events have an application field.
@Mark, As per my knowledge for metricbeat you should use single index i.e metricbeat-* for all servers. Because its contain metrics of your servers and you can use metricbeat dashboard to visualize the data.
For filebeat you can create separate indexes on the basis of your data like for syslog, nginx log, auth log etc. You can create separate indexes. But filebeat dashboard are tied with filebeat-* index pattern. If you want to use filebeat dashboard for syslog, ssh log or nginx log these logs should be store in filebeat index.
To create separate index you need to handle it at Filebeat level and output fileter in logstash.
In filebeat you can use type for each logs type and use that type field in logstash output filter to create separate index for that log.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.