Hello, Raju!
A similar separation is made (with an example) and discussed here.
Or the Elastic Doc example:
output.elasticsearch:
  hosts: ["http://localhost:9200"]
  indices:
    - index: "warning-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "WARN"
    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "ERR"
So, you need conditions.
Approximately, my copy-paste:
indices:
  - index: 'filebeat-{{ .Values.elasticsearch.indexSuffix}}-%{[data.kubernetes.labels.app]}-%{+yyyy.MM.dd}'
    when:
      or:
        - equals:
            data.kubernetes.labels.app: 'cool bro'
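
Added example (not part of the original post and not Elastic's code): a small Python model of how the `indices` rules from the Elastic Doc example are chosen, where the first matching rule wins and the default `index` applies when none match. The sample events, the `DEFAULT_INDEX` value and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime
# Rules transcribed from the Elastic Doc example quoted in the post.
RULES = [
    {"index": "warning-%{[agent.version]}-%{+yyyy.MM.dd}",
     "when": {"contains": {"message": "WARN"}}},
    {"index": "error-%{[agent.version]}-%{+yyyy.MM.dd}",
     "when": {"contains": {"message": "ERR"}}},
]
DEFAULT_INDEX = "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"  # assumed fallback

def lookup(event, dotted):
    """Resolve a dotted field name such as agent.version in a nested event."""
    for part in dotted.split("."):
        event = event.get(part) if isinstance(event, dict) else None
    return event

def matches(cond, event):
    """Evaluate the condition kinds used in the post: contains, equals, or."""
    for kind, arg in cond.items():
        if kind == "contains":  # substring of a string, or member of a list
            ok = all(isinstance(lookup(event, f), (str, list))
                     and v in lookup(event, f) for f, v in arg.items())
        elif kind == "equals":
            ok = all(lookup(event, f) == v for f, v in arg.items())
        elif kind == "or":
            ok = any(matches(c, event) for c in arg)
        else:
            raise ValueError(f"condition not modelled here: {kind}")
        if not ok:
            return False
    return True

def render(template, event):
    """Expand %{[field]} references and the %{+yyyy.MM.dd} date pattern only."""
    day = event["@timestamp"].strftime("%Y.%m.%d")
    out = template.replace("%{+yyyy.MM.dd}", day)
    return re.sub(r"%\{\[([^\]]+)\]\}", lambda m: str(lookup(event, m.group(1))), out)

def select_index(event, rules=RULES, default=DEFAULT_INDEX):
    """First matching rule wins; with no match the default index is used."""
    for rule in rules:
        if matches(rule["when"], event):
            return render(rule["index"], event)
    return render(default, event)

def sample(message):  # constructed event, not real log data
    return {"@timestamp": datetime(2024, 1, 15),
            "agent": {"version": "8.12.0"}, "message": message}
```

In this model a line carrying both `WARN` and `ERR` goes to the warning index only, and because `contains` is a substring test a message such as `INTERRUPT received` lands in the error index.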