filebeat is not creating index with my name

Question

I am using filebeat to send my application logs to Elasticsearch and directly connecting to my Elasticsearch for sending the logs.

My file beat configuration

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.inputs:
  - type: log
    paths:
      - "/var/log/*.log"
setup.ilm.enabled: false
setup.template.overwrite: true
output.elasticsearch:
  hosts: ["aws-es:443"]
  output.elasticsearch.index: "myapp-%{[agent.version]}-%{+yyyy.MM.dd}"
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}

Please note that in output.elasticsearch.index: I am giving myapp as prefix to my index name in Elasticsearch but filebeat is creating index with filebeat-7.7.0-2020.05.31 name ie using its own name filebeat as prefix which I don't want as I am having multiple applications and want to create a separate index for them.

Vijay Kumar Vijay Kumar · Accepted Answer · 2020-06-01T08:24:41

you need to set setup.template.name and setup.template.pattern as mentioned in the error message. Please add below extra lines in your filebeat.yml.

setup.template: name: 'myapp' pattern: 'myapp-*' enabled: false

Now your complete filebeat.yml should look like

filebeat.config: modules: path: $ { path.config } /modules.d/ * .yml reload.enabled: false

  filebeat.inputs:
    -type: log
  paths:
    -"/var/log/*.log"
  setup.ilm.enabled: false
  setup.template.overwrite: true
  output.elasticsearch:
    hosts: ["aws-es:443"]
  output.elasticsearch.index: "myapp-%{[agent.version]}-%{+yyyy.MM.dd}"
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}

setup.template: name: 'myapp' pattern: 'myapp-*' enabled: false

filebeat is not creating index with my name

2 Answers