diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go
index 452887250913..dae801738f90 100644
--- a/filebeat/fileset/fileset.go
+++ b/filebeat/fileset/fileset.go
@@ -510,6 +510,9 @@ func FixYAMLMaps(elem interface{}) (_ interface{}, err error) {
 // FormatPipelineID generates the ID to be used for the pipeline ID in Elasticsearch
 func FormatPipelineID(prefix, module, fileset, path, version string) string {
+ if module == "" && fileset == "" {
+ return fmt.Sprintf("%s-%s-%s", prefix, version, removeExt(filepath.Base(path)))
+ }
 return fmt.Sprintf("%s-%s-%s-%s-%s", prefix, version, module, fileset, removeExt(filepath.Base(path)))
 }
diff --git a/winlogbeat/beater/winlogbeat.go b/winlogbeat/beater/winlogbeat.go
index 945b05bc87d2..ec7ebf90ef6f 100644
--- a/winlogbeat/beater/winlogbeat.go
+++ b/winlogbeat/beater/winlogbeat.go
@@ -108,7 +108,7 @@ func (eb *Winlogbeat) init(b *beat.Beat) error {
 eb.eventLogs = append(eb.eventLogs, logger)
 }
 b.OverwritePipelinesCallback = func(esConfig *common.Config) error {
- overwritePipelines := true
+ overwritePipelines := config.OverwritePipelines
 esClient, err := eslegclient.NewConnectedClient(esConfig, "Winlogbeat")
 if err != nil {
 return err
diff --git a/winlogbeat/module/pipeline.go b/winlogbeat/module/pipeline.go
index 457f3c060e43..6e5edeb8a68b 100644
--- a/winlogbeat/module/pipeline.go
+++ b/winlogbeat/module/pipeline.go
@@ -139,7 +139,7 @@ func readFile(filename string, info beat.Info) (p pipeline, err error) {
 return pipeline{}, err
 }
 p = pipeline{
- id: fileset.FormatPipelineID(info.IndexPrefix, "default", "default", filename, info.Version),
+ id: fileset.FormatPipelineID(info.IndexPrefix, "", "", filename, info.Version),
 contents: updatedContent,
 }
 return p, nil
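Review bot: The doc comment on `FormatPipelineID` in filebeat/fileset/fileset.go still describes a single ID shape, but the added branch returns a three-part `prefix-version-name` ID when both `module` and `fileset` are empty, and nothing on the function says so. I would extend the comment, e.g. `// When module and fileset are both empty, the two segments are omitted and the ID is prefix-version-name.` A call with only one of the two empty still takes the five-part format and yields an empty segment (`--`); whether any caller does that is not visible from this hunk, so it may deserve a sentence too. A table test covering both shapes would pin the IDs that user configuration refers to by name.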
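Review bot: The new `overwritePipelines := config.OverwritePipelines` line in the `OverwritePipelinesCallback` closure (winlogbeat/beater/winlogbeat.go) needs a comment stating the operator-visible consequence, since the value was always `true` before. If the setting defaults to false (its definition is outside the hunk), a pipeline already stored in Elasticsearch under the same ID is presumably left as is, so a copy that was edited or has drifted on the server is no longer replaced by the shipped one on the next load. Something like `// Respect the user's setting; when false, pipelines already present in Elasticsearch are not replaced.` would record the intent. The closure body continues past the end of the hunk, so how the flag is consumed cannot be checked here.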
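Review bot: `readFile` in winlogbeat/module/pipeline.go selects the short ID form through the bare literals `"", ""`, and the `applyTemplates` hunk at -179 sets the `module` and `fileset` builtins to the same empty strings independently, with no comment tying the two together. The ID computed here and any ID a template derives from those builtins have to be identical, otherwise a routing pipeline would point at a pipeline name that was never loaded; the template helpers are not in the diff, so I cannot confirm they go through `FormatPipelineID`. I would name the convention once, e.g. `const noModule = "" // Winlogbeat pipelines carry no module/fileset segment`, and use it in both places. Both functions start and end outside their hunks.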
@@ -179,8 +179,8 @@ func applyTemplates(prefix string, version string, filename string, original []b
 vars := map[string]interface{}{
 "builtin": map[string]interface{}{
 "prefix": prefix,
- "module": "default",
- "fileset": "default",
+ "module": "",
+ "fileset": "",
 "beatVersion": version,
 },
 }
diff --git a/x-pack/winlogbeat/_meta/config/output-elasticsearch.yml.tmpl b/x-pack/winlogbeat/_meta/config/output-elasticsearch.yml.tmpl
index f9edbc21d3a4..ed83c8f61039 100644
--- a/x-pack/winlogbeat/_meta/config/output-elasticsearch.yml.tmpl
+++ b/x-pack/winlogbeat/_meta/config/output-elasticsearch.yml.tmpl
@@ -12,4 +12,4 @@ output.elasticsearch:
 #password: "changeme"
 # Pipeline to route events to security, sysmon, or powershell pipelines.
- pipeline: "winlogbeat-%{[agent.version]}-default-default-routing"
+ pipeline: "winlogbeat-%{[agent.version]}-routing"
diff --git a/x-pack/winlogbeat/winlogbeat.yml b/x-pack/winlogbeat/winlogbeat.yml
index 6d8f35887ea2..6ae52cd3f3a6 100644
--- a/x-pack/winlogbeat/winlogbeat.yml
+++ b/x-pack/winlogbeat/winlogbeat.yml
@@ -121,8 +121,8 @@ output.elasticsearch:
 #username: "elastic"
 #password: "changeme"
- # Pipeline to route events to security, sysmon or powershell pipelines
- pipeline: "winlogbeat-%{[agent.version]}-default-default-routing"
+ # Pipeline to route events to security, sysmon, or powershell pipelines.
+ pipeline: "winlogbeat-%{[agent.version]}-routing"
 # ------------------------------ Logstash Output -------------------------------
 #output.logstash:
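Review bot: The renamed default on the `pipeline:` line of output-elasticsearch.yml.tmpl, and on the same line in the x-pack/winlogbeat/winlogbeat.yml hunk, leaves existing configurations behind: a config that still names `winlogbeat-%{[agent.version]}-default-default-routing` will reference a pipeline this version no longer loads. Elasticsearch rejects index requests that name a missing ingest pipeline, so after an upgrade such a host would presumably fail to index its Windows event data until the setting is edited. No changelog or upgrade note is visible in this diff; I would add one, plus a comment next to the setting such as `# Renamed: earlier releases used "winlogbeat-%{[agent.version]}-default-default-routing".`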