Hello,
Is there a way to stop logstash from automatically creating an index in Elasticsearch. even if the conf file does not contain any configuration regarding the index.
Logstash logs:
logstash | [WARN ] 2022-06-07 09:21:17.045 [[main]>worker6] elasticsearch - Could not index event to Elasticsearch. {:status=>400, :action=>["create", {:_id=>nil, :_index=>"logs-cisco_asa.log", :routing=>nil},
The index now is closed because I cannot delete it:
Logstash conf file
Output {
else if [type] == "syslog" {
elasticsearch {
hosts => ["https://X.X.X.X:9200","https://X.X.X.X:9200","https://X.X.X.X:9200"]
cacert => 'XXXXXXX’
user => "XXX"
password => “xxxx"
data_stream => true
data_stream_type => "logs"
data_stream_dataset => "asa"
data_stream_namespace => "prod"
}
}
}