Hi there,
I'm sending some data via filebeat into logstash and have the connections working properly. I'm trying to use the data in beat.hostname to cut out ".local" from a string and store that into a new field called computerName. When trying to do this within the filter for the file I'm not having any luck. My current config looks like this:
filter {
if "macLogin" in [tags] {
if "," not in [message] {
drop { }
}
else {
csv {
add_field => [ "received_at", "%{@timestamp}" ]
columns => [ "action" , "username", "date", "ip" ]
separator => ","
}
mutate {
add_field => [ "computerName", "%{@beat.hostname}" ]
add_field => [ "computerName2", "%{beat.hostname}" ]
gsub => [ "computerName", ".local", "" ]
add_tag => [ "19-filter-computerLogins" ]
}
}
}
}
I'm seeing beat.hostname showing up in kibana as: Glencoe-MBA-2014006.local
computerName is appearing as %{@beat.hostname} and
computerName2 is showing as %{beat.hostname}
Is it not possible to use the beat.hostname fields within a filter?