Create New Fields from Metricbeat

personal.riz · March 11, 2022, 4:37am

Hi guys, i want to ask how to create new fields from metricbeat value like host.network.in.bytes for network monitoring.
i want to create query PPL from metricbeat value but the value is null, i think because the value from host.network.in.bytes is not readable, so im trying to create new fields NetworkInbound for host.network.in.bytes but the value isn't appear.

input {
  beats {
    port => 5044
  }
}

filter {
      mutate {
        add_fields=> {"NetworkInbound" => "host.network.in.bytes"}
      }
    }


output {
  elasticsearch{
    hosts => ["100.100.100.100:9200"]
    index => "metricbeat"

after use this metricbeat.conf the value from NetworkInbound only "host.network.in.byes" string not the value like this

my question is : How to create new fields for host.network.in.bytes, host.network.out.bytes for monitoring network so the TOP 5 VALUES will be appear ?

should i use add_fields at processor metricbeat like this ? or maybe you have an advice for me

processors:
  - add_fields:
      target: project
      fields:
        name: myproject
        id: '574734885120952459'

system · April 8, 2022, 4:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Metricbeat - Add a custom field with existing value Beats metricbeat	3	791	February 28, 2020
Metricbeat does not create fields in document Beats metricbeat	2	404	April 11, 2018
Metricbeat fields defaults Beats metricbeat	6	721	October 12, 2017
Drop_fields and the beats.name/.hostname/.version fields Beats metricbeat	6	1079	January 15, 2018
Metricbeat extra fields Beats metricbeat	2	263	August 11, 2020

Create New Fields from Metricbeat

Related topics