Hi,
Is there any point/need/advantage for loading index patterns for filebeat etc. if we use custom index names in elasticsearch output like shown below? For example, If I won't use any of "packetbeat-", "topbeat-", "filebeat-" and "winlogbeat-" in Kibana, why should I load them?
Thanks
Logstash config
output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "my-index"
}
}If you use custom patterns then you need to add them in manually.
That's probably not a good idea if it's time based data.
I add them manually but never use them. Instead I use my-index in Kibana dashboard. Hence reason I am asking. If I won't use them why should I add them in first place anyway? I want to know if I am missing out some great features when I ignore them.
If you don't add the index pattern for the data in Elasticsearch then you can't do much with Kibana.
I still don't understand the difference between index => "my-index" and index => "filebeat-my-index".
I don't see any difference between selecting filebeat-* and my-index for "Index name or pattern" field in Kibana GUI. Both logs have exactly the same fields/data in Elasticsearch.
It depends on which index you are sending the data to.
That is what you have in your config, so that is what you should set in Kibana.
I meant;
Whether I sent the data to
my-index and select my-indexfilebeat-my-index and select filebeat-*as index pattern in Kibana GUI, there is no difference in logs. Logs in both Elasticsearch indexes have exactly the same fields/data. That's why I don't understand why I cannot do mush with Kibana as you said above.
If you don't add the index pattern for the data in Elasticsearch then you can't do much with Kibana.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.