filebeat 在向 elasticsearch 发送日志时是否添加元数据?
[英]Does filebeat add metadata while sending logs to elasticsearch?
问题描述
I'm trying to send systemd logs to elasticsearch via filebeat.
我正在尝试通过 filebeat 将 systemd 日志发送到 elasticsearch。 I see the following metadata field in elasticsearch for one of the log entries.对于其中一个日志条目,我在 elasticsearch 中看到以下元数据字段。
"meta" : {
"cloud" : {
"instance_id" : "xxxxxx",
"machine_type" : "xxxxxx",
"instance_name" : "xxxx",
"availability_zone" : "xxxxxx",
"provider" : "xxxxx"
}
},
I was wondering if the above metadata field visible is added by filebeat or its a field picked up by systemd and just forwarded to elasticsearch as is by filebeat?我想知道上面的可见元数据字段是由filebeat添加还是由systemd拾取并像filebeat一样转发到elasticsearch? Is there a way to check that?有没有办法检查? Or does filebeat by default add metadata to logs that it forwards?或者 filebeat 默认是否将元数据添加到它转发的日志中?
1 个解决方案
解决方案1
1 已采纳 2019-11-14 00:55:57
Yes, it does add metadata fields.是的,它确实添加了元数据字段。
Look into your filebeat.yml , you will probably see the two lines below:查看您的filebeat.yml ,您可能会看到以下两行:
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
The host and cloud metadata are enabled per default, if you don't want those fields you just need to comment those lines.默认情况下启用host和cloud元数据,如果您不想要这些字段,您只需要注释这些行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.