Hi Everyone,
i have 2+ logstash servers in cluster and i would like to have some tag/flag/whatever which to tell me from which logstash server exactly the message was shipped. I have cases in which one of the logstash servers is not working properly and not sending any messages and i would like to have a tag/label/flag some custom message in the logs so I can understand from which server is coming.
thank you!
If you have the hostname in an environment variable you could use
mutate { add_field => { "someField" => "${HOST}" } }
For env. variables:
Linux: mutate { add_field => { "ls-env" => "${HOSTNAME}" } }
Windows: mutate { add_field => { "ls-env" => "${COMPUTERNAME}" } }
If you have Logstash 8+, it's included in ECS v8, you should get it by default. Check in Ruby debug, you should see, something like this.
{
"@timestamp" => 2022-11-22T02:16:34.832529600Z,
"host" => {
"name" => "somehost"
...
}
mutate { add_field => { "ls-host" => "%{[host][name]}" } }
On older LS versions, you can get by ruby:
ruby {
code => "event.set('ls-host', Socket.gethostname)"
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.