Logstash 6.4.2 to use index pattern for new indices

samiujan · November 22, 2019, 9:18am

Hi

I am using Logstash 6.4.2 to read and output data to a new ES 6.4.2 index every day - Each index has the pattern "filebeat-YYYY-MM-DD"

I want the new index to use a specific template

I have added an index template to ES with the following pattern:

PUT /_template/filebeat-geopoint
{
  "order": 0,
  "template": "filebeat-*",
  "settings": {},
  "mappings": {
    "_default_": {
      "properties": {
        "req_gp": {
          "type": "geo_point"
        }
      }
    }
  }
}

(I found the pattern from this SO answer)

I want to configure Logstash so that it uses the pattern above - is the following configuration correct/sufficient?

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => true
    template_name => "filebeat-geopoint"
    template_overwrite => true
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "doc"
  }
}

I am not sure about the template_overwrite attribute, is this necessary? Is "template_name" sufficient or do I need to specify the template in a .json file as well

system · December 20, 2019, 9:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Set a template_name in Logstash output filter to send data elasticsearch Logstash	3	2555	December 31, 2019
Logstash 7.0 does ignore index_patterns / template fields in template and overrules that with "logstash-*" Logstash	2	1660	May 30, 2019
How to select an index template from a logstash pipeline? Logstash	2	625	June 11, 2020
Filebeat to elasticsearch configuration(mapping) Beats filebeat	3	1434	May 27, 2021
Logstash not using given template json file on output section Logstash	9	6274	July 6, 2017

Logstash 6.4.2 to use index pattern for new indices

Related Topics