Send FileBeat Logs to Specific Type and Index in Elastic Search

How can we configure FileBeat to send logs to a specific Index and Type defined in Elastic Search?

We have created a Mapping Inside an Index and have defined analyzers on the Mapping. But we cannot seem to configure FileBeat to send logs to that Index.

Taken from here.

output.elasticsearch:
  hosts: ["http://localhost:9200"]
  index: "filebeat-%{[beat.version]}-%{+yyyy.MM.dd}"

Add any other info like user/pass etc you need, and of course change the index to the proper name.
I see no reason why this shouldn't work. Except if you are using x-pack and the user you are trying to send the events with has no rights on this index. Could this be the case?

But we cannot seem to specify the type name here. We have a defined Type in the Index.

Not sure about the result, but if I understand correctly then you should use:

fields:
    document_type: myType

on your prospector. I remember reading about the "type" being removed for elastic or something though.

Thanks for your response.

Are you referring to fields under the prospector? I thought document_type is to mention where logs originate. But we can run a check to see if that works.

If I am not mistaken, and from a fast reading of the docs, this should override Elastic's _type field (defaults to doc).
And yeah, where you set your paths/fields/tags etc.
Something like:

- type: log
  paths:
    - /my/path/
  fields:
    document_type: myType
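
The settings discussed in this thread combined into one Filebeat 6.x-style `filebeat.yml`, as an added example that is not part of any post above. The index name `myapp-logs`, the user `filebeat_writer`, the environment variable `FILEBEAT_ES_PWD` and the log path are assumptions chosen for illustration.

```yaml
# Added example (assumed names throughout; adjust to your environment).
filebeat.prospectors:
  - type: log
    paths:
      - /my/path/*.log            # assumed path pattern
    fields:
      # Custom fields are stored under the "fields." key of each event,
      # so this one appears in the document as fields.document_type.
      document_type: myType

output.elasticsearch:
  hosts: ["http://localhost:9200"]
  # Fixed index name: the pre-created index that carries the custom mapping.
  index: "myapp-logs"
  # With X-Pack security enabled, use a dedicated account whose role grants
  # only what shipping needs on this one index (for example the "index" and
  # "create_index" index privileges) instead of a superuser.
  username: "filebeat_writer"
  # Resolved from the environment at startup, so the secret is not stored
  # in the configuration file.
  password: "${FILEBEAT_ES_PWD}"

# When the index name is changed from the default, Filebeat expects the
# template name and pattern to be set as well.
setup.template.name: "myapp-logs"
setup.template.pattern: "myapp-logs*"
# The mapping and analyzers were created by hand, so do not let Filebeat
# load its own index template on top of them.
setup.template.enabled: false
```

Running `filebeat test config` and `filebeat test output` against this file checks the syntax and the connection, including authentication, before any events are shipped.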
