Greetings,
I started experimenting Elasticsearch with importing logs from different servers and docker containers using Filebeat. I was able to use KQL and build custom Kibana dashboards which is very good to better monitor our different services.
However, I started to struggle figuring out how to set index templates for each service instead of using the default "filebeat-x.x.x-yyyy-mm-dd" index and I tried to change it for each service but unfortunately it didn't work.
Below, you can find a sample filebeat.yml file which I use to try achieving this:
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
filebeat.inputs:
- type: docker
containers.ids:
- "<container-id>"
enabled: true
setup.template.name: "service"
setup.template.pattern: "service-*"
setup.template.enabled: false
setup.template.overwrite: false
setup.template.settings:
index.number_of_shards: 1
cloud.id: "<cloud-id>"
cloud.auth: "elastic:<password>"
output.elasticsearch.index: "service-%{+yyyy.MM.dd}"
I tried running the following command and it keeps building the default template & index too:
filebeat setup --template
Note that I am using Debian to run filebeat.
I even created my own template directly using Kibana dev tools.
Could you please advise how can I be able to create custom index templates?
Thanks a lot!