Separate index per application or name space

maxozerov · August 7, 2019, 4:43pm

Hello, Raju!
This separation is similar made (with example) and discussed here.
Or Elastic Doc example:

output.elasticsearch:
  hosts: ["http://localhost:9200"]
  indices:
    - index: "warning-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "WARN"
    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "ERR"

So, need conditions
Approximate my copy-paste:

 indices:
    - index: 'filebeat-{{ .Values.elasticsearch.indexSuffix}}-%{[data.kubernetes.labels.app]}-%{+yyyy.MM.dd}' 
      when:
        or:
          - equals:
              data.kubernetes.labels.app: 'cool bro'

Topic		Replies	Views
Filebeat trouble with separate indexes per namespace Beats filebeat	1	1173	November 17, 2021
How to create indices based on kubernetes metadata Beats filebeat	4	3972	March 19, 2018
Kubernetes autodiscover indices Beats filebeat	1	304	November 13, 2019
Filebeat is not creating indices for each pod name Beats elastic-stack-alerting , filebeat	4	100	July 8, 2024
Not able to change filebeat index name running on Kubernetes Beats filebeat	3	1573	July 6, 2020

Separate index per application or name space

Related topics