We currently have filebeat setup on a Windows node that is hosting several web apps. The filebeat.yml is very similar to this. I've sanitized host and application names.
filebeat.inputs:
- type: log
enabled: true
paths:
- C:\\inetpub\\logs\\*.txt
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
tags: ["WINWEB"]
fields:
application_ID: "APP_ID"
version_ID: "1.0"
environment_ID: "test"
fields_under_root: true
setup.kibana:
host: "https://kibana:5601"
output.logstash:
hosts: ["ingest1:25000", "ingest2:25000"]
loadbalance: true
ssl.certificate_authorities: [ "D:/apps/elasticstack/filebeat/root.ca.crt", "D:/apps/elasticstack/filebeat/intermediate.ca.crt" ]
ssl.certificate: "D:/apps/elasticstack/filebeat/WINWEB.crt"
ssl.key: "D:/apps/elasticstack/filebeat/WINWEB.key.pem"
Does filebeat.yml support conditional statements? For example, could I do something like the following to set the application_ID to be used later on in logstash pipelines?
if path == C:\\inetpub\\logs\\scheduling.txt {
fields:
application_ID: "SCHEDULING"
version_ID: "1.0"
environment_ID: "test"
}
else if path == C:\\inetpub\\logs\\reporting.txt {
fields:
application_ID: "REPORTING"
version_ID: "1.0"
environment_ID: "test"
}
...
...
...
...