Indexes at work Packetbeat

How can I tell which index Packetbeat writes to? Why were so many indexes created, and how can I make everything be written to one? Kibana defines the packetbeat-* pattern and shows information only for 12.03.2017.

By default Packetbeat writes its data to a daily index (an index based on the current UTC day). So you will have packetbeat-2017.03.21 for today and at 00:00 UTC a new index will be created for the next day.

You can customize the index pattern if you like via the output.elasticsearch.index config option. You could use a weekly or monthly index pattern to reduce the number of indices. But this decision should be made based on the amount of data being produced and your cluster size and settings.

index: https://www.elastic.co/guide/en/beats/packetbeat/current/elasticsearch-output.html#_index
Possible formats: https://godoc.org/github.com/elastic/beats/libbeat/common/dtfmt

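To make the answer above concrete, here is an added example (not part of the original reply and not Packetbeat's own code) that resolves index names from event timestamps and counts how many indices a month of traffic produces under daily, weekly and monthly patterns. The weekly and monthly patterns, the simplified expander, the ISO-8601 week numbering and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Patterns in the date notation accepted by output.elasticsearch.index.
# The daily form matches the default described above; the weekly and monthly
# forms are illustrative choices, not values taken from the thread.
PATTERNS = {
    "daily": "packetbeat-%{+yyyy.MM.dd}",
    "weekly": "packetbeat-%{+xxxx.ww}",
    "monthly": "packetbeat-%{+yyyy.MM}",
}


def index_for(pattern, ts):
    """Resolve the index name for a timezone-aware event timestamp.

    Simplified stand-in for the real formatter: it handles only the
    yyyy, xxxx (week-year), MM, dd and ww tokens, and assumes ISO weeks.
    """
    utc = ts.astimezone(timezone.utc)  # index dates follow the UTC day
    iso_year, iso_week, _ = utc.isocalendar()
    prefix, fmt = pattern.split("%{+")
    fmt = fmt.rstrip("}")
    tokens = {
        "yyyy": f"{utc.year:04d}",
        "xxxx": f"{iso_year:04d}",
        "MM": f"{utc.month:02d}",
        "dd": f"{utc.day:02d}",
        "ww": f"{iso_week:02d}",
    }
    for token, value in tokens.items():
        fmt = fmt.replace(token, value)
    return prefix + fmt


def indices_created(pattern, first_event, days):
    """Count distinct indices touched by `days` days of continuous traffic."""
    hours = range(days * 24)
    return len({index_for(pattern, first_event + timedelta(hours=h)) for h in hours})


if __name__ == "__main__":
    # Constructed sample: a capture host at UTC+3, shortly after local midnight.
    local = datetime(2017, 3, 22, 1, 30, tzinfo=timezone(timedelta(hours=3)))
    print(index_for(PATTERNS["daily"], local))  # still the previous UTC day
    start = datetime(2017, 3, 1, tzinfo=timezone.utc)
    for name, pattern in PATTERNS.items():
        print(name, indices_created(pattern, start, 30))
```

The first line of output shows why an event can land in an index dated a day earlier than the capture host's local date: the rollover happens at 00:00 UTC, not local midnight.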

Thank you so much.
