Create New Fields from Metricbeat

personal.riz · March 11, 2022, 4:37am

Hi guys, i want to ask how to create new fields from metricbeat value like host.network.in.bytes for network monitoring.
i want to create query PPL from metricbeat value but the value is null, i think because the value from host.network.in.bytes is not readable, so im trying to create new fields NetworkInbound for host.network.in.bytes but the value isn't appear.

input {
  beats {
    port => 5044
  }
}

filter {
      mutate {
        add_fields=> {"NetworkInbound" => "host.network.in.bytes"}
      }
    }


output {
  elasticsearch{
    hosts => ["100.100.100.100:9200"]
    index => "metricbeat"

after use this metricbeat.conf the value from NetworkInbound only "host.network.in.byes" string not the value like this

my question is : How to create new fields for host.network.in.bytes, host.network.out.bytes for monitoring network so the TOP 5 VALUES will be appear ?

should i use add_fields at processor metricbeat like this ? or maybe you have an advice for me

processors:
  - add_fields:
      target: project
      fields:
        name: myproject
        id: '574734885120952459'

system · April 8, 2022, 4:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.