Send to different indices with filebeat modules and ILM enabled

nber · January 28, 2021, 1:43pm

Hey there,

I'd like to collect logs on a device with different modules and send them to different indices.
The question itself is answered in:

Though, as far as I understand, this only works when ILM is disabled. Yet, I would like to keep ILM enabled on filebeat, to have the possibility to apply changes to the default index without touching/updating every device.
Now let's say I want syslog module logs in syslog index and nginx logs in ILM default index, e.g. filebeat-XYZ.

This is no problem for self defined inputs, yet, I can't figure out how to send logs collected by modules to different indices with ILM enabled.

Thanks and best regards,
Niklas

system · February 25, 2021, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Custom Index Name for Apache Module, but using ILM as well Beats filebeat	3	888	May 4, 2020
Issue with sending apache logs to elasticsearch with different indices Beats filebeat	1	394	July 5, 2023
Index name for modules Beats filebeat	4	1355	September 11, 2019
Filebeat, ILM and multiple indices Beats filebeat	7	3354	March 29, 2020
Multiple indexnames from 1 filebeat instance with ilm Beats ilm-index-lifecycle-management , filebeat	5	380	May 24, 2021

Send to different indices with filebeat modules and ILM enabled

Related Topics