I can't find the information and I think it's about ECS. I have a really simple config on Logstash that uses the syslog input, grok parsing, and injects into an Elastic cluster.
But the logs that are shown in Kibana contain the host.hostname of the remote machine sending logs to Logstash (with syslog). How is this done? How is this information about the hostname known by default? What could cause this information not to be gathered by Logstash?
Thank you!
OK, thank you. I can understand why the IP can be known, but here it is the hostname of the machine that is gathered (configured by the hostnamectl command).
The syslog input has a built-in grok pattern that parses your original syslog message, so if the original hostname is present in the syslog message, it will populate the host.hostname field.
This part of the code tells you which pattern it will use and this is the file with the patterns used.
The value of host.hostname comes from the original message.
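To make the answer concrete, here is an added example (not code from the thread or from the Logstash project) that emulates what the syslog input's built-in pattern does: a regex shaped like grok's SYSLOGLINE (`<PRI>TIMESTAMP HOST PROG[PID]: MESSAGE`) is applied to the raw line, and the hostname is lifted out of the message text rather than from the network connection. The field names follow ECS (`host.hostname`, `process.name`, `log.syslog.*`) and the failure tag `_grokparsefailure_sysloginput` is what the Logstash plugin adds when its pattern does not match; the regex itself is a simplified stand-in, not the plugin's exact pattern, and the sample lines are constructed. The third sample shows one reason the field can be missing or wrong: a sender that omits the hostname, or uses RFC 5424 framing, does not fit the RFC 3164-style pattern.

```python
import re

# Simplified, constructed equivalent of grok's SYSLOGLINE pattern:
# <PRI>Mon DD hh:mm:ss HOST PROG[PID]: MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<priority>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<logsource>[A-Za-z0-9._-]+)"          # this becomes host.hostname
    r"(?: (?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:)?"
    r" ?(?P<message>.*)$"
)

FAILURE_TAG = "_grokparsefailure_sysloginput"   # tag the Logstash syslog input uses


def parse_syslog(raw: str) -> dict:
    """Build an ECS-style event from one RFC 3164-style syslog line.

    host.hostname is populated only because the pattern matched the hostname
    inside the message itself; nothing here looks at the sender's IP.
    A line that does not fit the pattern keeps the raw text and is tagged.
    """
    m = SYSLOG_RE.match(raw)
    if not m:
        return {"message": raw, "tags": [FAILURE_TAG]}

    pri = int(m.group("priority"))
    event = {
        "message": m.group("message"),
        "host.hostname": m.group("logsource"),
        "timestamp": m.group("timestamp"),
        "log.syslog.priority": pri,
        "log.syslog.facility.code": pri >> 3,   # PRI = facility * 8 + severity
        "log.syslog.severity.code": pri & 7,
    }
    if m.group("program"):
        event["process.name"] = m.group("program")
    if m.group("pid"):
        event["process.pid"] = int(m.group("pid"))
    return event


# Constructed sample lines: a normal RFC 3164 line, one with an FQDN, and an
# RFC 5424 line (version digit after PRI) that the 3164-style pattern rejects.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 web01 sshd[1234]: Accepted publickey for deploy from 198.51.100.7 port 51522",
    "<13>Oct  5 03:02:01 db01.example.internal cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "<34>1 2023-10-11T22:14:15Z web01 sshd - - - Accepted publickey for deploy",
]


def hostnames_seen(lines=SAMPLE_LINES) -> list:
    """Return host.hostname per line, or None where the pattern failed to match."""
    return [parse_syslog(line).get("host.hostname") for line in lines]


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_syslog(line))
```

Running this prints three events; the first two carry `host.hostname` taken straight from the message (`web01`, `db01.example.internal`), while the RFC 5424 line comes back untouched with the failure tag and no hostname at all. When a field is missing in Kibana, checking for that tag on the event is the quickest way to tell a non-matching sender format apart from a transport problem.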