Logstash to override meta information

Kathir_J · November 16, 2018, 2:02pm

I have a scenario where logs are created in one machine(say machine A) and sent to another machine(Say machine B) where I execute filebeat to push logs to elasticsearch).

When I try to execute filebeat, it gets the host name as machine B name(which is obviously valid though) and the same is getting visualised in Kibana.

What I want to know is, Is there a way that I can override [beat] [name] or [host] [name ] in logstash config so that it sends the host name as machine A?
I tried the below in logstash pipeline but no luck.

mutate { replace => { '[beat][hostname]' => "%{[obj][val]}" } }

Kathir_J · November 28, 2018, 12:44pm

Any reply would be highly appreciated.

Eniqmatic · November 28, 2018, 1:41pm

What you are trying to do should work:

mutate { replace => { "[beat][hostname]" => "machine_A" } }

system · December 26, 2018, 1:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to replace the value of beat.hostname? Beats filebeat	2	12724	July 22, 2016
Logstash to ignore beat.hostname to set as host , and use logstash server hostname as o/p Logstash	1	469	December 15, 2016
How to use nginx's host overwrite logstash's host information when send it by filebeat? Logstash	1	376	February 15, 2021
Possible to override beat.hostname in local metricbeat Beats metricbeat	5	1765	February 13, 2018
Override index name while using the inbuilt filebeat modules Beats beats-module , filebeat	6	1041	August 10, 2020

Logstash to override meta information

Related topics