Fields Input

Goyal.vikas87 · September 5, 2018, 12:20pm

I want to to add a custom field in my all events using FIELDS input in filebeat.yml. Please confirm how I can parameterize the value of the custom field and if possible can I extractt some part of the _source field of the event.

For example:

_source of event 1 = /a/b/job_id1
_source of event 2= /a/b/job_id2

Expected output of fields values:

Say custom field defined in filebeat.yml is JOB ID.

Event 1:
JOB ID = job_id1

Event 2:
JOB ID = job_id2

Please help me if above scenarios can be achieved and if yea then how.

Thanks in advance.

kvch · September 5, 2018, 12:41pm

Yes you can. There is the doc on how you can refer fields from events: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-format-type.html#_format_string_sprintf

May I ask why do you want to add source field to your events? It's already added to every event by Filebeat. So there is no need to add it to your config.

Goyal.vikas87 · September 5, 2018, 12:46pm

I do not want to add complete source field but want to extract part of it in other custom field. In my case, source field is different in every event and want to extract that different part in my custom field using parameter.

system · October 3, 2018, 12:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can i pass a extra field Beats	4	297	August 10, 2018
How do I add a Custom Field to FileBeat with a Module? Beats filebeat	2	8349	January 5, 2021
Creating dynamic index name with Filebeat based on custom event field fails Beats filebeat	2	461	January 5, 2024
Add custom field and its value needs to be derived from one of the source field Kibana	3	917	June 3, 2021
Define custom fields on root level when using multiple config yml files Beats filebeat	2	884	March 18, 2020

Fields Input

Related Topics