Elastic search shows events posted by my beat with following values in beat.* fields:
beat.hostname hostname
beat.name hostname
beat.version 7.0.0-alpha1
I guess, this is due to beat.go code.
What would be the easiest way to have beat.name show beat.Info.Beat (i.e. "my beat name")?
The value in beat.name is a custom user-defined name. It's supposed to be changed by operators to identify a machine the data come from.
Your beats name is published at least via @metadata. Users integration beats with Logstash, normally use the @metadata fields, so to generate the same index names for example.
The name setting overwrite beat.name.
Ok.
What is the purpose of beat.hostname then?
That’s all I see it in Elasticsearch:
@timestamp May 8th 2018, 0:00:00.000
t _id 100000001
t _index test-7.0.0-alpha1-2018.05.08
# _score -
t _type doc
t beat.hostname hostname
t beat.name hostname
t beat.version 7.0.0-alpha1
# id 100,000,001
Do I have to add it manually?
May I have an example, please?
The name setting overwrite beat.name.
May I have an example, please?
Adding this to your config file:
name: abc
will give you:
|@timestamp|May 8th 2018, 0:00:00.000|
|---|---|
|t _id|100000001|
|t _index|test-7.0.0-alpha1-2018.05.08|
|# _score|-|
|t _type|doc|
|t beat.hostname|hostname|
|t beat.name|abc|
|t beat.version|7.0.0-alpha1|
|# id|100,000,001|
The hostname can not be changed and is only the hostname (not the FQDN). For users running multiple beats one the same host (indexing into the same index) or having a setup with machines having the same hostname (but with different domain name), the name setting adds some more filtering capabilities.
I’ve seen beat.go code. I tried with testbeat. Neither
test:
name: abc
nor
test:
name: "abc"
works in test.yml.
Did I do it wrong?
It's a global setting, no indentation required. All libbeat settings are available in the config.reference.yml. When running make update, the beats local <beatname>/_meta/config.yml and <beatname>_meta/config.reference.yml are concatenated with the github.com/elastic/beats/libbeat/_meta/config.<>.yml files.
Worked like a charm!
Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.