Hello,
I need to create custom index for my filebeat agent for each host. Need to separate the data collected for each host.
So i'll do this config in my filebeat.yml on the monitored host, after a large number of research on the web. :
setup.ilm.enabled: true
setup.ilm.overwrite: true
setup.ilm.rollover_alias: "filebeat-myhost-dev"
setup.ilm.pattern: "{now/M{yyyy.MM.dd}}-000001"
setup.dashboards.enabled: true
setup.dashboards.index: "filebeat-*"
setup.template.name: "filebeat-myhost-dev"
setup.template.pattern: "filebeat-myhost-dev-*"
setup.template.overwrite: true
setup.dashboard.index: "filebeat-myhost-dev-*"
I'll create too an index pattern filebeat-myhost-dev-*.
For this i'll create a new user and a new role for the filebeat setup.
I'll add indices privileges to filebeat-* and filebeat-myhost-dev-* i'll add privileges :
- write
- manager
- create
- read
To the cluster privilege i'll add the following privileges :
- monitor
- manage_ilm
- manage_ml
- manage_index_templates
- manage_ingest_pipelines
So when on my host i'll run the command :
filebeat -e setup
The index was created and document are created in this index. Great !
The problem :
If i'll restart the service, filebeat stop creating of new document in the index... Without error message...
The question:
What's missing in the configuration or what's append and correct this issue.
Best regards;