I want to to add a custom field in my all events using FIELDS input in filebeat.yml. Please confirm how I can parameterize the value of the custom field and if possible can I extractt some part of the _source field of the event.
For example:
_source of event 1 = /a/b/job_id1
_source of event 2= /a/b/job_id2
Expected output of fields values:
Say custom field defined in filebeat.yml is JOB ID.
Event 1:
JOB ID = job_id1
Event 2:
JOB ID = job_id2
Please help me if above scenarios can be achieved and if yea then how.
May I ask why do you want to add source field to your events? It's already added to every event by Filebeat. So there is no need to add it to your config.
I do not want to add complete source field but want to extract part of it in other custom field. In my case, source field is different in every event and want to extract that different part in my custom field using parameter.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.