I currently have logstash configured to process WebSphere SystemOut.log files. No issues there. I have created a mutate construct within the filter section to enable us to add hostname, nodename, etc., so that we can properly separate things in Elasticsearch when we perform our analysis.
But, as we are going to switch to multiple WebSphere hosts using Filebeats I am trying to think through how best to ensure that 'host/node/AppServer' type information is included into the indexing scheme.
Can I / should I configure the 'tags' in filebeat to include the information I desire and then include this information into a logstash variable?
As this information isn't within the SystemOut.log file I'm trying to strategize on the best way to accomplish this.
How are others accomplishing this and/or what options should I pursue?
Thanks.