I'm using filebeat module and want to use tag so that I can process different input files based on tags. How can I achieve that ? Below tags doesn't seems to work.
modules.d/elasticsearch.yml
- module: elasticsearch
server:
enabled: true
var.paths:
- /var/logs/folder1/*
tags: ["app1"]
filebeat.yml
- type: log
enabled: true
paths:
- /var/logs/folder2/*
scan_frequency: 10s
ignore_older: 4h
tags: ["app2"]
We have a processor you can use to add tags, please see
Add tags | Filebeat Reference [7.13] | Elastic for more details. So basically you can add a processor
- type: log
enabled: true
paths:
- /var/logs/folder2/*
scan_frequency: 10s
ignore_older: 4h
processors:
- add_tags:
tags: [value]
target: "tag name"
Hey, this works for filebeat inputs - but not for modules, correct?
filebeat.modules:
- module: o365
audit:
enabled: true
var.application_id: "x"
var.tenants:
- id: "x"
name: "x"
var.client_secret: "x"
processors:
- add_tags:
tags: ["o365"]
gives me
Exiting: fileset o365/processors is configured but doesn't exist
is there any other way to add tags to module data?
Some modules have a setting called var.tags which accepts a list of tags.
@connectgeeks ,
try to use below code. it will work fine:
By using Fields you can create more fields and you do not need to use tags as well:
- type: log
enabled: true
paths:
- /var/logs/folder2/*
scan_frequency: 10s
ignore_older: 4h
fields:
Field Name1: value 1
Field Name2: value 2
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.