Send to different indices with filebeat modules and ILM enabled

nber · January 28, 2021, 1:43pm

Hey there,

I'd like to collect logs on a device with different modules and send them to different indices.
The question itself is answered in:

Though, as far as I understand, this only works when ILM is disabled. Yet, I would like to keep ILM enabled on filebeat, to have the possibility to apply changes to the default index without touching/updating every device.
Now let's say I want syslog module logs in syslog index and nginx logs in ILM default index, e.g. filebeat-XYZ.

This is no problem for self defined inputs, yet, I can't figure out how to send logs collected by modules to different indices with ILM enabled.

Thanks and best regards,
Niklas

system · February 25, 2021, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Enable 2 different filebeat modules & send to different index name Beats filebeat	5	3579	July 26, 2019
ILM and using one index per Filebeat module Beats filebeat	3	1338	November 28, 2019
Custom Index Name for Apache Module, but using ILM as well Beats filebeat	3	889	May 4, 2020
Issue with sending apache logs to elasticsearch with different indices Beats filebeat	1	399	July 5, 2023
Index name for modules Beats filebeat	4	1359	September 11, 2019

Send to different indices with filebeat modules and ILM enabled

Related topics