About host field value

Hi.

I am using the udp input plugin to listen to syslog messages. The documentation says that the host field is "The address which logstash will listen on". This is exactly what I need, but instead, the host value is the IP address of the machine that sends the syslog message.

Is that how it should be? Any way I can get the name of the Logstash machine no matter which plugin I am using?

Thx in advance for your help.

You're confusing the host configuration option of the udp input with the fields in the resulting events. The host field of the events will indeed contain the IP address (and port?) of the sender.

To store the hostname of the Logstash machine I don't think there's a better way than using a ruby filter. Try this:

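ruby {
  # Load Ruby's socket library once, when the filter starts.
  init => "require 'socket'"
  # Store the hostname of the machine running Logstash on every event.
  # Logstash 5.0 and later removed hash-style event access; there, use
  # event.set('name-of-field', Socket.gethostname) instead.
  code => "event['name-of-field'] = Socket.gethostname"
}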
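The three values this thread distinguishes (the address the listener binds to, the sender address that ends up in the event's host field, and the receiving machine's own hostname) can be seen side by side in plain Ruby. This is an added example, not part of the original replies and not Logstash's own code; the function name `receive_one` and the `collector` field name are assumptions made for illustration.

```ruby
require 'socket'

# Hypothetical stand-in for a UDP listener; bind_addr plays the role of the
# udp input's `host` option (the address the listener binds to).
def receive_one(bind_addr, payload)
  listener = UDPSocket.new
  listener.bind(bind_addr, 0)          # port 0: let the OS pick a free port
  port = listener.addr[1]

  # Constructed sample sender on the loopback interface.
  sender = UDPSocket.new
  sender.bind('127.0.0.1', 0)
  sender.send(payload, 0, bind_addr, port)

  raise 'no datagram received' unless IO.select([listener], nil, nil, 2)
  message, peer = listener.recvfrom(4096)

  # peer is [family, port, hostname, numeric_address]; the address comes from
  # the datagram's source address, not from anything inside the message.
  event = {
    'message'   => message,
    'host'      => peer[3],            # sender's IP, as seen on the events above
    'collector' => Socket.gethostname  # receiving machine, as the ruby filter adds
  }
  [event, sender.addr[3]]
ensure
  listener&.close
  sender&.close
end

if __FILE__ == $PROGRAM_NAME
  # Constructed syslog-style payload.
  event, sender_ip = receive_one('127.0.0.1', '<13>Jan  1 00:00:00 app: test')
  puts "bind address : 127.0.0.1"
  puts "sender       : #{sender_ip}"
  puts "event        : #{event.inspect}"
end
```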