Specify outputs for Elasticsearch and Kibana for Eval and Import Mode

Add outputs for Elasticsearch and Kibana for Eval/Import Mode, since Logstash is not used in Eval Mode or Import Mode. Otherwise, logs from these inputs end up in a filebeat-prefixed index.
2025-12-06 09:12:45 +01:00 · 2022-07-11 17:22:09 -04:00
parent d828bbfe47
commit 11d3ed36b7
1 changed files with 6 additions and 0 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -449,6 +449,12 @@ output.elasticsearch:
    - index: "so-logscan"
      when.contains:
        module: "logscan"
+    - index: "so-elasticsearch-%{+YYYY.MM.dd}"
+      when.contains:
+        event.module: "elasticsearch"
+    - index: "so-kibana-%{+YYYY.MM.dd}"
+      when.contains:
+        event.module: "kibana"
  
 setup.template.enabled: false
  {%- else %}