问题描述

我有一个Elasticsearch集群(ELK)，一些节点使用filebeat将日志发送到logstash.我的环境中的所有服务器都是CentOS 6.5.

I have an elasticsearch cluster (ELK) and some nodes sending logs to the logstash using filebeat. All the servers in my environment are CentOS 6.5.

每个服务器中的filebeat.yml文件由一个Puppet模块强制执行(我的生产服务器和测试服务器都具有相同的配置).

The filebeat.yml file in each server is enforced by a Puppet module (both my production and test servers got the same configuration).

我想在每个文档中都有一个字段，以告诉它是否来自生产/测试服务器.

I want to have a field in each document which tells if it came from a production/test server.

我想在每个文档中使用filebeat.yml文件生成一个动态的自定义字段，以指示环境(生产/测试).

I wanted to generate a dynamic custom field in every document which indicates the environment (production/test) using filebeat.yml file.

为了解决这个问题，我想到了运行一个返回环境的命令(可以通过事实来了解环境)，并将其添加到filebeat.yml文件的"environment"自定义字段下，但是我做不到.找不到任何方法.

In order to work this out i thought of running a command which returns the environment (it is possible to know the environment throught facter) and add it under an "environment" custom field in the filebeat.yml file but I couldn't find any way of doing so.

是否可以通过filebeat.yml运行命令?还有其他方法可以实现我的目标吗?

Is it possible to run a command through filebeat.yml?Is there any other way to achieve my goal?

推荐答案

在您的filebeat.yml中:

In your filebeat.yml:

filebeat:
  prospectors:
    -
      paths:
        - /path/to/my/folder
      input_type: log

      # Optional additional fields. These field can be freely picked
      # to add additional information to the crawled log files
      fields:
        mycustomvar: production

这篇关于生成filebeat自定义字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！