4 Web servers - 3 are production and 1 is a test server.
All 4 are sending multiple logs to logstash via filebeats. All are using the same log format.
What is the best way to tag each log record as they are processed ?
I want to add multiple tags to log records based on 2 different attributes, 1) Product vs Test 2) which server sent the log. In the case of production to see if there is any anomalies between the servers.
Is this possible in this setup ?
I want to add multiple tags to log records based on 2 different attributes, 1) Product vs Test
Use Filebeat's fields option to add a field that indicates whether the log is on a production or test system. Or you can add a tag instead of a field, that's up to you.
- which server sent the log. In the case of production to see if there is any anomalies between the servers.
There should already be a field with the hostname of the sending server.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.