Journalbeat is removed in 7.16
https://github.com/elastic/observability-docs/issues/1173
Use filebeat's new input type of journald:
https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-input-journald.html
Add input:
filebeat.inputs:
...
- type: journald
id: everything
To avoid indices like:
filebeat-%{[fields][source]}-2024.11.16
Set fields, source in journald input type, e.g.:
filebeat.inputs:
...
- type: journald
id: everything
fields:
source: journal
That will lead to index names as:
filebeat-journal-2024.11.16
I was trying with the index name configuration as described in docs:
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-journald.html#_index_13
But I should have been doing something wrong, as I was only getting indices like filebeat-%{[fields][source]}-2024.11.16.
Posts
No comments:
Post a Comment