Add IP-addresses and MAC-addresses to event

Hi,

I would like to dynamically add all IP-addresses and all MAC-addresses of the sender host to each event sent by filebeat. Is there a way to do that? If not, I would be happy to contribute a new processor, similar to the add_locale processor, but for this purpose.

Hi @hypp

Interesting timing. We recently started a discussion about which additional host information we should add to an event, for example through a processor. Can you open a feature request for this on GitHub and share some details on how you would implement it and which field names you would use?

I'm interested to know how this information would be used and why it's needed.

On a related note there was an enhancement to the logstash beats input to add [@metadata][ip_address] to all incoming events. So you could use this to add the source IP to events. https://github.com/logstash-plugins/logstash-input-beats/issues/180

I opened issue #5396 at GitHub for this. I hope that is what you wanted me to do?

It will be used to track IP-address assignment over time for physical and virtual hardware,
for both statically assigned and dynamically assigned (DHCP) addresses.

@hypp Thanks

Do we really need to add this kind of metadata to each single event from filebeat? Sounds more like a task for metricbeat (or another kind of beat) reporting some info on the host's environment. For filebeat the issue is that (on old logs or on back-pressure) the addresses do not necessarily match the time the log line was written.

I definitely want it on every event, even though the data might be wrong in rare cases.
I suggest making it configurable.

Another option for me would be to have filebeat call a function in an external library, and that function could add fields to each event.

Agree this should be configurable.

Interesting point from @steffens about the log case. But I assume that is also an issue we face with the other add_* processors?
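
The enrichment discussed in this thread, sketched as an added example that is not taken from the thread or from the Beats code base: it gathers the host's IP and MAC addresses and stamps them on an event together with the time they were read, so a consumer can spot stale addresses on old or delayed log lines. The function names `collect` and `enrich` and the field names `host_ip`, `host_mac` and `host_addrs_observed_at` are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"time"
)

// collect returns unique IPs and MACs of up, non-loopback interfaces; addrsOf is injected for testing.
func collect(ifaces []net.Interface, addrsOf func(net.Interface) ([]net.Addr, error)) (ips, macs []string) {
	seenIP, seenMAC := map[string]bool{}, map[string]bool{}
	add := func(seen map[string]bool, dst *[]string, v string) {
		if v != "" && !seen[v] {
			seen[v] = true
			*dst = append(*dst, v)
		}
	}
	for _, ifc := range ifaces {
		if ifc.Flags&net.FlagUp == 0 || ifc.Flags&net.FlagLoopback != 0 {
			continue
		}
		add(seenMAC, &macs, ifc.HardwareAddr.String())
		addrs, _ := addrsOf(ifc) // lookup errors are ignored; the MAC is still kept
		for _, a := range addrs {
			if n, ok := a.(*net.IPNet); ok {
				add(seenIP, &ips, n.IP.String())
			}
		}
	}
	sort.Strings(ips)
	sort.Strings(macs)
	return ips, macs
}

// enrich writes the addresses into an event; the field names are assumptions.
func enrich(ev map[string]interface{}, ips, macs []string, observed time.Time) {
	ev["host_ip"], ev["host_mac"] = ips, macs
	// Old or delayed log lines predate this read, so record when it happened.
	ev["host_addrs_observed_at"] = observed.UTC().Format(time.RFC3339)
}

func main() {
	ifaces, _ := net.Interfaces()
	ips, macs := collect(ifaces, func(i net.Interface) ([]net.Addr, error) { return i.Addrs() })
	ev := map[string]interface{}{"message": "constructed log line"}
	enrich(ev, ips, macs, time.Now())
	fmt.Println(ev)
}
```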
