Change the index name
editChange the index name
editAuditbeat uses data streams named auditbeat-8.16.1
.
To use a different name, set the index
option
in the Elasticsearch output. You also need to configure the setup.template.name
and
setup.template.pattern
options to match the new name. For example:
output.elasticsearch.index: "customname-%{[agent.version]}" setup.template.name: "customname-%{[agent.version]}" setup.template.pattern: "customname-%{[agent.version]}"
If you’re using pre-built Kibana dashboards, also set the
setup.dashboards.index
option. For example:
setup.dashboards.index: "customname-*"
For a full list of template setup options, see Elasticsearch index template.