Usecase:
I have a test service instance on a host where a log-stash agent is configured. This logs are stashed to a common elastic server. Now this will be test service instance will be cleaned up and another test service instance will be installed and log-stash agent is reconfigured against the same elastic server. Now my question is whether there is a way to say that the logs from same host shown in elastic server are from specific test instance(with unique id).
You could add a tag or other field to the events originating on the test instance. A mutate filter would do.
Thanks. Can you please quote me some examples.
The mutate filter's documentation contains examples.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.