Accesing with Logstash to Filebeat parameter fields

Asier_Saluena · February 20, 2018, 7:37am

Hi all,

I'm trying new ELK version (6.2), and I'm using the new config options 'fields' to create a field named logtype. I want to detect logs in Logstash using this parameter.

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/filebeat/filebeat
  fields:
    doc_type: syslog

How can I access to this field in logstash?

magnusbaeck · February 20, 2018, 1:35pm

You can access it like any other field, see https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html. If you describe what you want to accomplish it will be possible to provide an example.

Topic		Replies	Views
Ingest problem with filebeat and logstash Logstash	10	1336	December 25, 2017
Logstash not able to access the custom field from Filebeat Logstash	2	2026	June 27, 2017
Recommended way of telling Logstash type of logs Beats filebeat	2	853	February 8, 2018
Filebeat fields value unable to use it in logstash configuration file Logstash	9	628	February 7, 2021
Document_type is being ignored Beats filebeat	5	4517	December 28, 2017

Accesing with Logstash to Filebeat parameter fields

Related topics