From 4fc4913d1efa1c590d5cc10b220ae8f22bc8a350 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Mon, 12 Oct 2020 15:44:00 +0000
Subject: [PATCH] Don't predefine index date for Filebeat ES outputs
---
 salt/filebeat/etc/filebeat.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 01febed92..99f1de188 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -82,7 +82,7 @@ filebeat.inputs:
 module: syslog
 dataset: syslog
 pipeline: "syslog"
- index: "so-syslog-%{+yyyy.MM.dd}"
+ index: "so-syslog"
 processors:
 - drop_fields:
 fields: ["source", "prospector", "input", "offset", "beat"]
@@ -95,7 +95,7 @@ filebeat.inputs:
 module: syslog
 dataset: syslog
 pipeline: "syslog"
- index: "so-syslog-%{+yyyy.MM.dd}"
+ index: "so-syslog"
 processors:
 - drop_fields:
 fields: ["source", "prospector", "input", "offset", "beat"]
@@ -259,22 +259,22 @@ output.elasticsearch:
 pipelines:
 - pipeline: "%{[module]}.%{[dataset]}"
 indices:
- index: "so-import-%{+yyyy.MM.dd}"
+ - index: "so-import"
 when.contains:
 tags: "import"
- - index: "so-zeek-%{+yyyy.MM.dd}"
+ - index: "so-zeek"
 when.contains:
 module: "zeek"
- - index: "so-ids-%{+yyyy.MM.dd}"
+ - index: "so-ids"
 when.contains:
 module: "suricata"
- - index: "so-ossec-%{+yyyy.MM.dd}"
+ - index: "so-ossec"
 when.contains:
 module: "ossec"
- - index: "so-osquery-%{+yyyy.MM.dd}"
+ - index: "so-osquery"
 when.contains:
 module: "osquery"
- - index: "so-strelka-%{+yyyy.MM.dd}"
+ - index: "so-strelka"
 when.contains:
 module: "strelka"
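Review bot: Nothing in these hunks says where the date suffix is now applied, so `so-syslog` in both syslog inputs and `so-import`, `so-zeek`, `so-ids`, `so-ossec`, `so-osquery` and `so-strelka` under `output.elasticsearch.indices` read as fixed index names. If nothing downstream (for example an ingest pipeline, or a write alias with rollover) maps them to dated indices, every event of a type lands in one ever-growing index, and any retention or cleanup job keyed on the old `so-*-yyyy.MM.dd` names will presumably stop matching, which affects log retention and how much data an investigation has to search. I would add a comment above `indices:` and above each syslog `index:` such as `# No date suffix here; the dated index is chosen by <component that resolves it>`, and confirm that index templates and cleanup patterns match the new names. The enclosing input and `output.elasticsearch` blocks start and end outside the hunks, so an existing mechanism elsewhere in the file cannot be ruled out from here.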