Using Environment variable in ES index name

Alsheh · March 18, 2019, 8:32pm

I was hopping to use an env variable as part of the index name:

...
output.elasticsearch:
...
  index: 'auditbeat-${ENVIRONMENT_NAME}-%{[host][name]}-%{+yyyy.MM.dd}'
...

But when setting up the Kibana dashboard manually I get:

Exiting: missing field accessing 'output.elasticsearch.index' (source:'auditbeat.yml')

What worked for me is adding the env variable as a field and then use it in the index name:

...
  fields:
    environment_name: ${ENVIRONMENT_NAME}
...
output.elasticsearch:
...
  index: 'auditbeat-%{[fields][environment_name]}-%{[host][name]}-%{+yyyy.MM.dd}'
...

But I'm not interested to store the [fields][environment_name] field in ES, is there a work around to achieve this perhaps with storing a temp variable in @metadata field?

shaunak · March 18, 2019, 10:03pm

Hmmm, that should've worked.

Can you post the complete command you ran to setup the Kibana dashboards manually? Was ENVIRONMENT_VARIABLE set when you ran the command?

Alsheh · March 18, 2019, 11:28pm

You're right, it worked. The ENVIRONMENT_VARIABLE was set in the Filebeat process but not set in the shell process where I attempted to setup the Kibana dashboards manually which is why it failed initially.

system · April 16, 2019, 1:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Solved] Environment variable references doesn't seem to work in output Logstash	3	940	July 6, 2017
Auditbeat configuration pass dynamic shell environment variable Beats auditbeat	7	383	November 18, 2022
How can I create the kibana index via environment variables Kibana	4	821	September 13, 2018
Beats environment variable not working Beats auditbeat	2	323	September 1, 2020
Environment variable syntax problems for beats monitoring Beats	2	354	November 28, 2019

Using Environment variable in ES index name

Related topics