We are using filebeat to collect hadoop / yarn userlogs when running yarn applications.
Currently, our hadoop/yarn setup uses hadoop's authentication mechanisms, and therefore, the userlogs (normally under /var/log/yarn/userlogs/**) we collect from hadoop are owned by individual authenticated users.
Is it possible or would be possible to allow filebeat to collect the username (and perhaps optionally, the group name) that of the user/group of the file owner?
If/when this would be collected, we could then easily filter for individual users when exploring our logs via elasticsearch / kibana....