I need to insert a field for each event for the auditbeat data.
That is each document should contain a field "enviornment": "production"
Note: I need a solution not involving Logstash
How can I do this?.
Asked
Active
Viewed 449 times
2
Arun Mohan
- 898
- 3
- 18
- 37
1 Answers
2
you can do this using logstash and the mutate filter plugin. Something like this:
filter {
mutate {
add_field => { "enviornment" => "production" }
}
}
EDIT: without logstash. Since the beats are open source you can edit the beat to mach you specification. But this is clearly a bad solution. Another thing that you can check, is processors. But processors is to keep/drop fields and other tasks. I did not find a processor solution to your case.
For last, you have in the configuration file (yml), one field called fields. Optional fields that you can specify to add additional information to the output. Fields can be scalar values, arrays, dictionaries, or any nested combination of these. By default, the fields that you specify here will be grouped under a fields sub-dictionary in the output document. To store the custom fields as top-level fields, set the fields_under_root option to true.
fields_under_root: true
fields:
enviornment: production
another_field: 1234
andre-lx
- 312
- 3
- 14
-
any solution without logstash?. Only by using Auditbeat – Arun Mohan Jan 23 '19 at 07:11
-
i edit my response to match your question. Please check it out @ArunMohan – andre-lx Jan 23 '19 at 10:26