I am trying to add an tag for the logs of packetbeat before it sends to elasticsearch.
Packetbeat send his logs to logstash. In the logstash pipiline file i want to try to add an tag only for logs of packetbeat but I don't understand how because there is one input (pipeline) file for all beats on the same port.
I don't know how to specify an tag only for one beat.
Hope someone can help me.
Kind regards,
Robin
You can add tags directly in packetbeat configuration:
packetbeat.yml
# The tags of the shipper are included in their own field with each
# transaction published. Tags make it easy to group servers by different
# logical properties.
tags: ["service-X", "web-tier"]
This will add a tags field to each event with the specified tags.
Thanks!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.