Indexing beats hourly

tarekilani · September 15, 2021, 11:03am

Hello,

Please i'm searching for a way to index beats hourly in elasticsearch. As you know the default configuration in a beat yml file is :

#index: "winlogbeat-%{[agent.version]}-%{+yyyy.MM.dd}"

I tried changing that line to this :

#index: "winlogbeat-%{[agent.version]}-%{+yyyy.MM.dd.HH}"

But it doesn't work.
Is there any way to index beats hourly ? (Plesase consider that i'm not using logstash between beats and elsticsearch)
Thank you in advance for your help.

warkolm · September 15, 2021, 9:24pm

Can I ask why you want to go this route? You risk creating a lot of shards, and wasting system resources due to that.

system · October 13, 2021, 11:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Hourly index for filebeat Beats filebeat	13	5966	January 5, 2017
Indexes with FileBeat Beats filebeat	8	4397	September 27, 2016
ILM config for beats Beats	2	299	October 7, 2019
Beat Index Created As "%{[@metadata][beat]}-%{[@metadata][version]}-2019.MM.DD" Beats	1	987	April 19, 2019
Beats and index naming Beats	22	1106	September 16, 2019

Indexing beats hourly

Related topics