For NonCluster
setup.template.name: 'my-winlogbeat-%{[beat.version]}'
setup.template.pattern: 'my-winlogbeat-%{[beat.version]}-*'
output.elasticsearch.index: 'my-winlogbeat-%{[beat.version]}-%{+yyyy.MM}'
Notes: Winlogbeat version 7 when push to CLUSTER will default to 'ilm'(index lifecycle management)
For Cluster :
setup.ilm.enabled: auto
setup.ilm.rollover_alias: "my-winlogbeat"
setup.ilm.pattern: "{now/d}-000001"
ref:
1- https://discuss.elastic.co/t/changing-the-index-name-for-winlogbeat-sent-to-elasticsearch/168722/6
setup.template.name: 'my-winlogbeat-%{[beat.version]}'
setup.template.pattern: 'my-winlogbeat-%{[beat.version]}-*'
output.elasticsearch.index: 'my-winlogbeat-%{[beat.version]}-%{+yyyy.MM}'
Notes: Winlogbeat version 7 when push to CLUSTER will default to 'ilm'(index lifecycle management)
For Cluster :
setup.ilm.enabled: auto
setup.ilm.rollover_alias: "my-winlogbeat"
setup.ilm.pattern: "{now/d}-000001"
ref:
1- https://discuss.elastic.co/t/changing-the-index-name-for-winlogbeat-sent-to-elasticsearch/168722/6
No comments:
Post a Comment
Terima kasih