I would like to append hostname in each index name for classification of files based on the source hostname.
output{
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "sample-%{[@metadata][hostname]}-%{[@metadata][beat]}-%{[@metadata][version]}-soap2-%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
}
This metadata is not working %{[@metadata][hostname]};
You might not have a field called hostname.
Add this to your output and it will show you all the metadata fields available.
stdout { codec => rubydebug { metadata => true } }
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.