How to get IP through metricbeat from Windows systems?

shahid3507 · September 4, 2018, 2:59pm

I am using elk stack and metricbeat for getting metrices from windows machines but as socket metricset is not supported for windows, Is there any way to get IP from windows systems through metricbeat.

Mario_Castro · September 5, 2018, 11:56am

Hi @shahid3507

I'm not fully sure about what you're looking for. Do you need a tag including the IP of each metric to split your graphs by node? In such case, you can enhance exported data by using add_host_metadata processor: https://www.elastic.co/guide/en/beats/filebeat/6.4/add-host-metadata.html

shahid3507 · September 5, 2018, 1:21pm

Yes @Mario_Castro , that is what I exactly want.
But can IP be sent with each and every metricset just like hostname is sent.

Mario_Castro · September 6, 2018, 8:19am

Once you add add_host_metadata, IP should be attached to each metric sent.

Do you have an example of metrics where IP is and isn't attached?

shahid3507 · September 6, 2018, 8:48am

Yes @Mario_Castro , the following is the one with ip

    {
  "_index": "metricbeat-6.4.0-2018.09.06",
  "_type": "logs",
  "_id": "AWWuDZhYkfhBp1BqVA9c",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2018-09-06T08:44:10.230Z",
    "system": {
      "network": {
        "name": "Teredo Tunneling Pseudo-Interface",
        "in": {
          "dropped": 0,
          "errors": 0,
          "bytes": 392904,
          "packets": 4091
        },
        "out": {
          "dropped": 0,
          "bytes": 400140,
          "errors": 0,
          "packets": 3464
        }
      }
    },
    "host": {
      "os": {
        "family": "windows",
        "version": "10.0",
        "build": "14393.2273",
        "platform": "windows"
      },
      "ip": [
        "10.45.0.5",
        "fe80::5efe:a2d:5",
        "2001:0:9d38:78cf:842:c889:a17d:ee8a",
        "fe80::842:c889:a17d:ee8a"
      ],
      "name": "host6-1029384756",
      "id": "4f14c21c-c6c5-493e-bf6e-5018145d95e8",
      "mac": [
        "x:x:x:x:x",
        "00:00:00:00:00:00:00:e0",
        "00:00:00:00:00:00:00:e0"
      ],
      "architecture": "x86_64"
    },
    "beat": {
      "name": "host6-1029384756",
      "hostname": "host6-1029384756",
      "version": "6.4.0"
    },
    "@version": "1",
    "metricset": {
      "name": "network",
      "module": "system"
    },
    "tags": [
      "beats_input_raw_event"
    ]
  },
  "fields": {
    "@timestamp": [
      1536223450230
    ]
  },
  "sort": [
    1536223450230
  ]
}

and the next one is without ip

    {
  "_index": "metricbeat-6.4.0-2018.09.06",
  "_type": "logs",
  "_id": "AWWuDZhYkfhBp1BqVA9e",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2018-09-06T08:44:10.647Z",
    "system": {
      "network": {
        "name": "Ethernet0",
        "in": {
          "dropped": 0,
          "bytes": 42149727,
          "packets": 187986,
          "errors": 0
        },
        "out": {
          "dropped": 0,
          "errors": 0,
          "packets": 207730,
          "bytes": 182044691
        }
      }
    },
    "beat": {
      "name": "host6-1029384756",
      "hostname": "host6-1029384756",
      "version": "6.4.0"
    },
    "host": {
      "name": "host6-1029384756"
    },
    "@version": "1",
    "metricset": {
      "name": "network",
      "module": "system"
    },
    "tags": [
      "beats_input_raw_event"
    ]
  },
  "fields": {
    "@timestamp": [
      1536223450647
    ]
  },
  "sort": [
    1536223450647
  ]
}

Mario_Castro · September 10, 2018, 1:03pm

For me, it seems that the second machine isn't connected to any network and that's why it's not showing up anything. You mentioned that you were shipping data using a socket, right?

system · October 8, 2018, 1:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.