Hello,
I want to create a Field with the value that i want like in Logstash.
For example in my Logstash configuration i set in the fingerprint module:
add_field => {"key" => "123" }
On the log (In Kibana), I saw this field ("key") with the value associated("123") from Logstash but i want to do the same field from Winlogbeat.
How can i do that please ?
Thanks for your answer @Coinology .
I'm sorry my ticket wasn't complete, but i already use this field (add_fields) in winlogbeat configuration, and in Kibana's logs i don't have this "new field" from winlogbeat.
processors:
- add_fields:
fields:
name: keys
id: '123'
I also want to choose the value of my fields like i did it in logstash, is there a setting to do this in that plugin ?
Thanks.
@JeanN hmm, that should be working. If you run Winlogbeat manually, are you seeing any errors?
Regarding the value of the fields, I am not sure what you are asking. Can you clarify? If I'm understanding you correctly, then you are already choosing the value with the add_fields processor.
For example:
processors: - add_fields: fields: name: keys id: '123'
This adds two fields. One named name with a value of keys and one named id with a value of 123. Am I missing something?
@Coinology Thanks for your answer, i find my error.
It was cause of several "processors" at top-level that i put in my configuration, so the yaml parser can't handle correctly, but now it works.
I didn't understand those plugin settings (add_fields) like this but now i do, thank you for your time.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.