Hi
I am using Logstash 6.4.2 to read and output data to a new ES 6.4.2 index every day - Each index has the pattern "filebeat-YYYY-MM-DD"
I want the new index to use a specific template
I have added an index template to ES with the following pattern:
PUT /_template/filebeat-geopoint
{
"order": 0,
"template": "filebeat-*",
"settings": {},
"mappings": {
"_default_": {
"properties": {
"req_gp": {
"type": "geo_point"
}
}
}
}
}
(I found the pattern from this SO answer)
I want to configure Logstash so that it uses the pattern above - is the following configuration correct/sufficient?
output {
elasticsearch {
hosts => "localhost:9200"
manage_template => true
template_name => "filebeat-geopoint"
template_overwrite => true
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "doc"
}
}
I am not sure about the template_overwrite attribute, is this necessary? Is "template_name" sufficient or do I need to specify the template in a .json file as well