Multiple ways to do that were investigated in the past. The most generic is probably to install an ingest pipeline for logs-*-* data streams during setup. This is currently not possible in Elasticsearch, so this task should begin with investigation of the feasibility of this option. If we can add this capability natively to Elasticsearch, we will be able to benefit from it for other things we plan to do through ingest pipelines later on, like automatic detection of JSON inputs and rerouting (to enable automatic dataset separation, for example based on automatically discovered services).