Filebeat add_fields processor

fgjensen · December 8, 2021, 12:29pm

I reviewed my implementation and must admit I had an error.

This works for the add_fields processor and the dissect processor in a filestream input.

    processors:
      - add_fields:
          target: ''
          fields:
            event.dataset: "cas.log"
      - if:
          regexp:
            message: '\s\bWARN\s|\s\bERROR\s' # Fetch WARN or ERROR levels into the log.level field
        then:
          - dissect:
              tokenizer: "%{} %{log.level} %{}"
              field: "message"
              target_prefix: ''
              ignore_failure: true
              ignore_missing: true
              overwrite_keys: true

Thanks for your help.

Best regards
Flemming

Topic		Replies	Views
What is the difference between processor add_fields and regular "fields:" Beats filebeat	3	579	November 26, 2019
Add_fields processor not working Beats	2	602	September 7, 2019
Filebeat processor syntax 7.12.1 Beats filebeat	13	1054	June 6, 2021
Add fields do not work Winlogbeat Beats winlogbeat	2	377	June 7, 2022
Custom field name not showing in Filebeat Beats filebeat	4	964	January 15, 2020

Filebeat add_fields processor

Related topics