K
Q

Filebeat Index name

9/24/2020

I deploy filebeat into Kubernetes cluster. I use the lines below changed the index name to "csc-%{+yyyy.MM.dd}"

 index: "csc-%{+yyyy.MM.dd}"
setup.template.name: "csc"
setup.template.pattern: "csc-*"

I have multiple namespaces in the Kubernetes cluster. I would like to have index names for each namespace. For example, I have namespaces csc-network, csc-ui and csc-workspace.

I would like to have index names as below for each namespace.

 index: "csc-network-%{+yyyy.MM.dd}"
setup.template.name: "csc-network"
setup.template.pattern: "csc-network-*"

 index: "csc-ui-%{+yyyy.MM.dd}"
setup.template.name: "csc-ui"
setup.template.pattern: "csc-ui-*"

 index: "csc-workspace-%{+yyyy.MM.dd}"
setup.template.name: "csc-workspace"
setup.template.pattern: "csc-workspace-*"

How to do it?

-- Melissa Jenner
elasticsearch
filebeat
kubernetes

Similar Questions

How to access kubernetes service on localhost with Docker for Windows
nginx proxy behind nginx ingress pass to vhost port doesn't work
INVALID is not a valid start token
istio-pilot on minikube is always in pending state
How to configure Jenkins master and dynamic agents in different clouds? With Kubernetes plugin

1 Answer

9/24/2020

As Filebeat is deployed as a daemonset in a namespace when you use the official Elastic charts, you can choose to create a helm deployment for each namespace with setting for the index name you are looking for. https://github.com/elastic/helm-charts/tree/master/filebeat

-- tuxiedev
Source: StackOverflow