Set beat.name/any custom field based on source

Hi,

Is it possible to set the beat.name using an if condition based on the source field value?

E.g. if source: /user1/logs, then beat.name=USER1_LOGS
else if source:/user2/logs, then beat.name=USER2_LOGS

I need this to differentiate for creating visualization graphs.

If not beat.name, any other field is also fine.

Thanks.

Hi,

Could someone please respond.

Thanks,

No.

Elastic offers support subscriptions with guaranteed response times if this is something you need.

The source is populated with the full path of the log file. That might be an option to differentiate things based on your use case.

Another option would be to separate the user1 and user2 logs into their own prospectors and assign each of them a custom field.

filebeat.prospectors:
- paths: [/user1/logs/*.log]
  fields_under_root: true
  fields: {user: user1}
- paths: [/user2/logs/*.log]
  fields_under_root: true
  fields: {user: user2}

Thanks a lot Andrew. I will try out and update the result here.

Hi,

I am not able to make this work for Filebeat 1.3. Could you please suggest a compatible solution for version 1.3?

For 1.3,

filebeat:
  prospectors:
  - paths: [/user1/logs/*.log]
    fields_under_root: true
    fields: {user: user1}
  - paths: [/user2/logs/*.log]
    fields_under_root: true
    fields: {user: user2}
