Beat.hostname & beat.name values

ecc256 · May 8, 2018, 2:56am

Elastic search shows events posted by my beat with following values in beat.* fields:
beat.hostname hostname
beat.name hostname
beat.version 7.0.0-alpha1
I guess, this is due to beat.go code.
What would be the easiest way to have beat.name show beat.Info.Beat (i.e. "my beat name")?

steffens · May 8, 2018, 9:31am

The value in beat.name is a custom user-defined name. It's supposed to be changed by operators to identify a machine the data come from.
Your beats name is published at least via @metadata. Users integration beats with Logstash, normally use the @metadata fields, so to generate the same index names for example.

The name setting overwrite beat.name.

ecc256 · May 8, 2018, 3:33pm

Ok.
What is the purpose of beat.hostname then?

That’s all I see it in Elasticsearch:
@timestamp May 8th 2018, 0:00:00.000
t _id 100000001
t _index test-7.0.0-alpha1-2018.05.08
# _score -
t _type doc
t beat.hostname hostname
t beat.name hostname
t beat.version 7.0.0-alpha1
# id 100,000,001
Do I have to add it manually?

May I have an example, please?

steffens · May 8, 2018, 3:56pm

The name setting overwrite beat.name.

May I have an example, please?

Adding this to your config file:

name: abc

will give you:

|@timestamp|May 8th 2018, 0:00:00.000|
|---|---|
|t _id|100000001|
|t _index|test-7.0.0-alpha1-2018.05.08|
|# _score|-|
|t _type|doc|
|t beat.hostname|hostname|
|t beat.name|abc|
|t beat.version|7.0.0-alpha1|
|# id|100,000,001|

The hostname can not be changed and is only the hostname (not the FQDN). For users running multiple beats one the same host (indexing into the same index) or having a setup with machines having the same hostname (but with different domain name), the name setting adds some more filtering capabilities.

ecc256 · May 8, 2018, 4:30pm

I’ve seen beat.go code. I tried with testbeat. Neither
test:
name: abc
nor
test:
name: "abc"
works in test.yml.
Did I do it wrong?

steffens · May 10, 2018, 11:40am

It's a global setting, no indentation required. All libbeat settings are available in the config.reference.yml. When running make update, the beats local <beatname>/_meta/config.yml and <beatname>_meta/config.reference.yml are concatenated with the github.com/elastic/beats/libbeat/_meta/config.<>.yml files.

ecc256 · May 14, 2018, 5:42pm

Worked like a charm!
Thanks!

system · June 11, 2018, 5:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.