Hello, guys,
I already have an ES cluster with a lot of data in it. Now I want to store a new nginx's access/error logs in my ES with filebeat + the nginx module. I want the index to have a new name such as nginx-log-20230118, rather than the default name (filebeat-7.16.3***).
I tried changing the filebeat.yml file, but it doesn't seem to work. Here is my config:
setup.template.settings:
setup.template.name: "filebeat-nginx"
setup.template.pattern: "filebeat-nginx_*"
setup.template.enabled: false
setup.template.overwrite: true
output.elasticsearch:
  indices:
    - index: "nginx_access-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        fileset.name: "access"
    - index: "nginx_error-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        fileset.name: "error"
When I run filebeats -e, the log shows this:
2023-01-18T16:31:59.463+0800 INFO [index-management] idxmgmt/std.go:261 Auto ILM enable success.
2023-01-18T16:31:59.480+0800 INFO [index-management.ilm] ilm/std.go:170 ILM policy filebeat exists already.
2023-01-18T16:31:59.548+0800 INFO [index-management.ilm] ilm/std.go:126 Index Alias filebeat-7.16.3 exists already
And the nginx log was stored in index filebeat-7.16.3.
Where is the problem?
Thanks!