curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.12.1-x86_64.rpm
sudo rpm -vi filebeat-7.12.1-x86_64.rpm

cp /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.cp
cat > /etc/filebeat/filebeat.yml << EOF
filebeat.inputs:
- type: log
enabled: true
paths:
- /data/logs/*.json.log
json.keys_under_root: true
json.overwrite_keys: true

setup.template.settings:
index.number_of_shards: 3

output.elasticsearch:
hosts: ["IP:9200"]
index: "nginx-access-callback"
username: "elastic"
password: "RJXYOA7hXYKwbxcsVpCW"

setup.template.enable: true
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"

setup.ilm.enabled: false
EOF

systemctl restart filebeat
systemctl status filebeat