Hello,
I have installed logstash to collect logs and send to elasticsearch. Logstash is configured to keep indexes in hourly base.
I need now to install metricbeat modules and also send to elasticsearch in hourly base index as well. In metricbeat configuration i can send directly to elastic but i see no index configuration. Is it better to send to logstash (and not directly to elastic) and configure logstash for the indexes?
Thank you
Hi @stefan0s 
Welcome to the forum
You can send data through Logstash but maybe you can solve your problem with the info in the next link Configure the Elasticsearch output | Metricbeat Reference [7.13] | Elastic
Hello Mario,
While adding index: "%{[fields.log_type]}-%{[agent.version]}-%{+yyyy.MM.dd}" to metricbeat.yml i receive the error bellow and service cannot start:
The metricbeat service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
By removing the index row added previously service cannot start at all now. All line endings have LF. We are using windows. I also see in the logs
Exiting: setup.template.name and setup.template.pattern have to be set if index name is modified
Any suggestions?
Ok it seems that template.name and template.pattern is required even id we use the default index "metricbeat-%{[agent.version]}-%{+yyyy.MM.dd}". I have now configured index as
index: "%{[fields.log_type]}-%{[agent.version]}-%{+yyyy.MM.dd.HH}"
and also set
setup.template.name: "metricbeat"
setup.template.pattern: "metricbeat-*"
but indexes in elastic are like: metricbeat-7.12.1-2021.06.15-000001
Should be in hourly index basis?? I have set the .HH
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.