We are in process of standardising index names to ensure permissions are given correctly
my_os_windows_yyyy-mm-dd, my_os_linux_yyyy-mm-dd, my_network_cisco_yyyy-mm-dd etc..) rather than the default "
filebeat*" format. This way we can control which index and data and roles/permissions/index patterns etc.
I understand how to put the output settings if I'm developing my on logstash.conf I know how to ensure it goes into correct index.
But if I'm using the inbuilt modules (eg system or audit modules) within filebeat, how would I configure the outputs? The only area I could find is to put "output.elasticsearch" in the main filebeat.yml, but that is not good as you have single index name there? So is there any way, we can put this setting in the module.d itself or an outputs.d folder?
I'm planning to send data from
client => filebeats => logstash => elasticsearch
So how can I make sure it goes into my own index rather than the hardcoded filebeat* nidex?