Change the index name

edit

Auditbeat uses data streams named auditbeat-8.15.4. To use a different name, set the index option in the Elasticsearch output. You also need to configure the setup.template.name and setup.template.pattern options to match the new name. For example:

output.elasticsearch.index: "customname-%{[agent.version]}"
setup.template.name: "customname-%{[agent.version]}"
setup.template.pattern: "customname-%{[agent.version]}"

If you’re using pre-built Kibana dashboards, also set the setup.dashboards.index option. For example:

setup.dashboards.index: "customname-*"

For a full list of template setup options, see Elasticsearch index template.