I need some help with strange behaviour of Filebeat vs Elastic.
I have an AKS cluster (K8S 1.28.9) with the stack Elastic + Filebeat + Logstash (I have disabled Logstash so it does not mess with Filebeat; it's not serving any requests).
What I suffer from is that if I delete the index in Elastic (after flush + clean) and restart Filebeat, it updates all logs from a certain period and then stops.
I have checked almost every possibility from the internet but with no success.
What is wrong with config?
Versions:
logstash:8.5.0
kibana:8.3.1
elasticsearch:8.3.1
AKS cluster: 1.28.9
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
data:
  filebeat.yml: |
    filebeat.inputs:
      - type: log
        enabled: true
        paths:
          - /var/uat6-app/SL-LOG/*coresuite_sl-services-*.log
        scan_frequency: 1s      # Check for new log entries every 1 second
        close_inactive: 7200m   # Close files inactive for more than 5 days
        clean_inactive: 45000m  # Remove state entries older than ~31 days (must exceed ignore_older + scan_frequency)
        ignore_older: 43200m    # Ignore files older than 30 days
        close_eof: true         # Filebeat closes the file as soon as it reaches EOF. If new data is appended later, it reopens the file and resumes from where it left off.
        close_older: 1h         # Older name for close_inactive; overlaps with the 7200m setting above
        multiline:
          pattern: '^\[\d{4}-\d{2}-\d{2}'
          negate: true
          match: after
    processors:
      - dissect:
          tokenizer: '[%{timestamp}],%{log.level},[%{source}],%{requestToken},%{thread},%{hostName},%{clientIP},%{clientPort},[] %{message}'
          field: "message"
          target_prefix: "log"
          ignore_failure: true
      - dissect:
          when:
            contains:
              log.message: "PrimaryFilter - doFilter :"
          tokenizer: 'PrimaryFilter - doFilter : %{exception_message}'
          field: "log.message"
          target_prefix: "log"
          ignore_failure: true
      - add_fields:
          when:
            not:
              has_fields: ['log.clientIP']
          target: "log"
          fields:
            clientIP: "unknown"
      - add_fields:
          when:
            not:
              has_fields: ['log.requestToken']
          target: "log"
          fields:
            requestToken: "unknown"
      - add_fields:
          when:
            not:
              has_fields: ['log.clientPort']
          target: "log"
          fields:
            clientPort: "unknown"
      - fingerprint:
          when:
            has_fields: ["log.timestamp", "log.requestToken", "log.uri", "log.timeElapsed", "log.statusCode", "log.httpMethod", "log.hostName", "log.clientIP", "log.clientPort"]
          fields: ["log.timestamp", "log.requestToken", "log.uri", "log.timeElapsed", "log.statusCode", "log.httpMethod", "log.hostName", "log.clientIP", "log.clientPort"]
          target_field: "@metadata._id"
          method: "sha256"
    setup.ilm.overwrite: true
    setup.ilm.enabled: false
    setup.template.name: 'uat6'
    setup.template.pattern: 'uat6-app-*'
    setup.template.overwrite: true
    setup.template.enabled: false
    output.elasticsearch:
      hosts: ["${ES_HOSTS}"]
      username: "${ES_USER}"
      password: "${ES_PASSWORD}"
      index: "uat6-app-%{+yyyy.MM.dd}"
      ssl.verification_mode: "none"
      allow_older_versions: true
      document_id: "%{[@metadata][_id]}"
    logging.level: debug
    logging.selectors: ["*"]
```
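The following is an added example, not code from the post above or from Elastic. It is a small Python stand-in for two of the processors in that config (the first `dissect` and the conditional `fingerprint`) so the effect of the `when: has_fields:` guard can be checked offline. The tokenizer and the fingerprint field list are copied from the config; the sample log lines are constructed; and the concatenation rule in `fingerprint()` (values joined with `|` in sorted field order, then sha256 hex) is an assumption about how libbeat computes the hash, not something the post states. What it shows: the guard lists `log.uri`, `log.timeElapsed`, `log.statusCode` and `log.httpMethod`, none of which the tokenizer ever produces, so the condition never holds, no `@metadata._id` is set, and Elasticsearch assigns a fresh random id to every event; re-reading the same files after deleting the index therefore cannot be deduplicated by id. Restricting the fingerprint to fields the tokenizer does produce makes the same line hash to the same id on every read.

```python
import hashlib
import re

# Tokenizer and field list copied from the Filebeat config in the post above.
TOKENIZER = ('[%{timestamp}],%{log.level},[%{source}],%{requestToken},'
             '%{thread},%{hostName},%{clientIP},%{clientPort},[] %{message}')
FINGERPRINT_FIELDS = ["log.timestamp", "log.requestToken", "log.uri", "log.timeElapsed",
                      "log.statusCode", "log.httpMethod", "log.hostName", "log.clientIP",
                      "log.clientPort"]
# Fields the tokenizer above can actually populate (derived from it, not from the post).
AVAILABLE_FIELDS = ["log.timestamp", "log.requestToken", "log.hostName",
                    "log.clientIP", "log.clientPort"]

# Constructed sample lines in the shape the tokenizer expects (not real log data).
SAMPLE_LINES = [
    "[2024-05-01 10:00:00,123],INFO,[sl-services],tok-001,http-exec-1,host-a,10.0.0.5,51234,[] request handled",
    "[2024-05-01 10:00:01,456],WARN,[sl-services],tok-002,http-exec-2,host-a,10.0.0.6,51235,[] PrimaryFilter - doFilter : bad token",
]


def dissect(tokenizer, text, target_prefix):
    """Minimal stand-in for the dissect processor: every %{name} token becomes a
    lazily matched group and the literal text between tokens must match exactly.
    Returns None when the line does not fit the tokenizer (ignore_failure: true)."""
    names = re.findall(r"%\{([^}]+)\}", tokenizer)
    literals = re.split(r"%\{[^}]+\}", tokenizer)
    pattern = "(.*?)".join(re.escape(lit) for lit in literals)
    match = re.fullmatch(pattern, text, re.DOTALL)
    if match is None:
        return None
    return {f"{target_prefix}.{name}": value for name, value in zip(names, match.groups())}


def missing_fields(event, fields):
    """Fields a has_fields condition would find absent, in the order they are listed."""
    return [f for f in fields if f not in event]


def fingerprint(event, fields):
    """sha256 over the field values, joined with '|' in sorted field order.
    Assumption: this mirrors libbeat's fingerprint processor; the exact
    concatenation rule is not stated in the post."""
    digest = hashlib.sha256()
    for field in sorted(fields):
        digest.update(str(event[field]).encode("utf-8"))
        digest.update(b"|")
    return digest.hexdigest()


def process(line, fingerprint_fields=FINGERPRINT_FIELDS):
    """Run one line through dissect -> conditional fingerprint, as the config does."""
    event = {"message": line}
    parsed = dissect(TOKENIZER, line, "log")
    if parsed:
        event.update(parsed)
    # The fingerprint processor's `when: has_fields:` guard: the id is only set
    # when every listed field exists on the event.
    if not missing_fields(event, fingerprint_fields):
        event["@metadata._id"] = fingerprint(event, fingerprint_fields)
    return event


if __name__ == "__main__":
    event = process(SAMPLE_LINES[0])
    print("id with the post's field list:", event.get("@metadata._id"))
    print("fields that block the fingerprint:", missing_fields(event, FINGERPRINT_FIELDS))
    first = process(SAMPLE_LINES[0], AVAILABLE_FIELDS)["@metadata._id"]
    again = process(SAMPLE_LINES[0], AVAILABLE_FIELDS)["@metadata._id"]
    print("same line twice gives the same _id:", first == again)
```

Note that the first `dissect` uses `target_prefix: "log"`, so the `%{log.level}` token lands at `log.log.level`, not `log.level`; the `has_fields` check is exact on key names, so any mismatch like this silently disables the fingerprint in the same way.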