I am using udp input plugin to listen to syslog messages. The documentation says that the host field is the "The address which logstash will listen on". This is exacly what I need, but instead, host value is the IP address of the machine that sends the syslog message.
Is that how it should be? Any way I can get the name of the LogStash machine no matter which plugin I am using?
You're confusing the host configuration option of the udp input with the fields in the resulting events. The host field of the events will indeed contain the IP address (and port?) of the sender.
To store the hostname of the Logstash machine I don't think there's a better way than using a ruby filter. Try this:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.