I have a host with three different log files. Using one instance of filebeat to ship all of the logs. Started this process back on 6.2 and discovered the "type" option. So based on the log file path I would set the type to say "access, audit, etc..." and ship out to Logstash. The logstash output would then use this type field as part of the index name so they would be easily identifiable in Kibana.
Used this simple code: index => "%{[type]}-%{+YYYY.MM.dd}"
This worked great, until I started adding other types of beats. Take Packetbeat. It comes with this fantastic dashboard for DNS. Well the packetbeat yml files uses types to differentiate the different protocols so now I have indecies that say dns-2019.08.13 and icmp-2019.08.13. All correct since that is how I coded my logstash output, however, the dashboard is expecting packetbeat-2019.08.13 as the index name.
So bottom line, is there another option (metadata?) that I can use to create different custom index names from the same host besides using type?