Hi,
I am experimenting using Elastic and Winlogbeat to collect System, Application and Security logs. How is it possible to create different Index Patterns for each one instead of the one "Winlogbeat-*"?
Thanks
You just need to edit the indices option of elasticsearch:
For example, in the case of "Security" you need the following snippet:
    output.elasticsearch:
      indices:
        - index: "winlogbeat-%{[beat.version]}-security-%{+yyyy.MM.dd}"
          when.equals:
            log_name: "Security"
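The same rule extended to all three logs from the question, as an added example that is not part of the original reply. It keeps the field names used in the snippet above (`beat.version`, `log_name`); the `hosts` value is an assumed placeholder.

```yaml
# Added example (not from the original thread).
# Collect the three logs named in the question.
winlogbeat.event_logs:
  - name: Application
  - name: System
  - name: Security

output.elasticsearch:
  hosts: ["localhost:9200"]   # assumed placeholder, replace with your cluster
  # Rules are evaluated in order and the first match is used.
  # Events that match no rule go to the default index setting,
  # so nothing is dropped if another log is added later.
  indices:
    - index: "winlogbeat-%{[beat.version]}-security-%{+yyyy.MM.dd}"
      when.equals:
        log_name: "Security"
    - index: "winlogbeat-%{[beat.version]}-system-%{+yyyy.MM.dd}"
      when.equals:
        log_name: "System"
    - index: "winlogbeat-%{[beat.version]}-application-%{+yyyy.MM.dd}"
      when.equals:
        log_name: "Application"
```

With this in place, Kibana index patterns such as `winlogbeat-*-security-*`, `winlogbeat-*-system-*` and `winlogbeat-*-application-*` select each log separately. Separate indices also allow a longer retention period or tighter read permissions on the Security data than on the other two.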