Don't predefine index date for Filebeat ES outputs

2025-12-08 18:22:47 +01:00 · 2020-10-12 15:44:00 +00:00
parent 884cc2d054
commit 4fc4913d1e
1 changed files with 8 additions and 8 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -82,7 +82,7 @@ filebeat.inputs:
    module: syslog
    dataset: syslog
  pipeline: "syslog"
-  index: "so-syslog-%{+yyyy.MM.dd}"
+  index: "so-syslog"
  processors:
  - drop_fields:
      fields: ["source", "prospector", "input", "offset", "beat"]
@@ -95,7 +95,7 @@ filebeat.inputs:
    module: syslog
    dataset: syslog
  pipeline: "syslog"
-  index: "so-syslog-%{+yyyy.MM.dd}"
+  index: "so-syslog"
  processors:
  - drop_fields:
      fields: ["source", "prospector", "input", "offset", "beat"]
@@ -259,22 +259,22 @@ output.elasticsearch:
  pipelines:
    - pipeline: "%{[module]}.%{[dataset]}"
  indices:
-    - index: "so-import-%{+yyyy.MM.dd}"
+    - index: "so-import"
      when.contains:
        tags: "import"
-    - index: "so-zeek-%{+yyyy.MM.dd}"
+    - index: "so-zeek"
      when.contains:
        module: "zeek"
-    - index: "so-ids-%{+yyyy.MM.dd}"
+    - index: "so-ids"
      when.contains:
        module: "suricata"
-    - index: "so-ossec-%{+yyyy.MM.dd}"
+    - index: "so-ossec"
      when.contains:
        module: "ossec"
-    - index: "so-osquery-%{+yyyy.MM.dd}"
+    - index: "so-osquery"
      when.contains:
        module: "osquery"
-    - index: "so-strelka-%{+yyyy.MM.dd}"
+    - index: "so-strelka"
      when.contains:
        module: "strelka"