I am reading logs from FIleBeat > Logstash > ElasticSearch
I am only able to capture FileBeat client systems hostname, but I want IP address not hostname. Unable to find working solution in this forum and internet.
Please help
Check related issue on logstash-input-beats repo: https://github.com/logstash-plugins/logstash-input-beats/issues/180
I am using v5.5, Now i added these lines.
mutate {
add_field => { "remote_ip" => "%{[@metadata][ip_address]}" }
}
but didnt worked, or do i need to modify beats.rb & message_listener.rb etc
do i need to install some plugins etc
Please provide sample code that would help
The change is not included in 5.5.
Please read this comment for more details: https://github.com/logstash-plugins/logstash-input-beats/issues/180#issuecomment-315112280
Thanks Steffen, I have downloaded and tried to install plugin in many ways but unable to install it.
D:\UAT\logstash550\bin>logstash-plugin install --version "4.0.3" logstash-input-beats-master.zip
ERROR: Something went wrong when installing logstash-input-beats-master.zip, message: certificate verify failed
D:\UAT\logstash550\bin>logstash-plugin install --version "4.0.3" logstash-input-beats-master
ERROR: Something went wrong when installing logstash-input-beats-master, message: certificate verify failed
D:\UAT\logstash550\bin>logstash-plugin install --version "4.0.3" file:///d:/uat/logstash550/bin/logstash-input-beats-master.zip
Installing file: /d:/uat/logstash550/bin/logstash-input-beats-master.zip
ERROR: Invalid pack for: file:///d:/uat/logstash550/bin/logstash-input-beats-master.zip, reason: The pack must contains at least one plugin, message: The p
ack must contains at least one plugin
D:\UAT\logstash550\bin>logstash-plugin install --version "4.0.3" file:///d:/uat/logstash550/bin/logstash-input-beats-master
ERROR: Invalid pack for: file:///d:/uat/logstash550/bin/logstash-input-beats-master, reason: Invalid format, the pack must be in zip format, message: Inval
id format, the pack must be in zip format
D:\UAT\logstash550\bin>logstash-plugin install file:///d:/uat/logstash550/bin/logstash-input-beats-master.zip
Installing file: /d:/uat/logstash550/bin/logstash-input-beats-master.zip
ERROR: Invalid pack for: file:///d:/uat/logstash550/bin/logstash-input-beats-master.zip, reason: The pack must contains at least one plugin, message: The p
ack must contains at least one pluginAnother way is to send the IP address by mentioning it on filebeat conf itself , same can be done as below. By this you need to define the IP to the conf file manually while writing the filebeat yml.
Thanks Prashant, I will not be able to hard code it in conf file, as we have approx 100+ servers.
I have no idea about dealing with conflicts when updating logstash plugins. Please check the logstash forum. I think logstash is using rubygems for download via HTTPS (which might be the reason for the certificate error).