I have a configuration as shown below:

```yaml
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["IP:9200"]
  username: "elastic"
  password: "elastic"
  # Protocol - either `http` (default) or `https`.
  protocol: "http"
  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  indices:
    - index: "filebeat-netflow-%{+yyyy.MM.dd}"
      when.equals:
        event.module: "netflow"
    - index: "filebeat-cisco-%{+yyyy.MM.dd}"
      when.equals:
        event.module: "cisco"
```

I want to create a rule for the default template.
I can read that there is a way to do that, but I cannot find any use case example and all my tries fail. Can you show me the way?
Or is there a way to disable the default index that Filebeat is creating even though I don't want it?
It's empty and giving me an error inside Kibana dashboards that says one of my shards is not working properly.