I have a use case where I would like to append a field to each log message that is processed by filebeat. The value would be based upon the type of log read by filebeat.
For instance, lets say I have 3 log types: typeA, typeB, typeC. When filebeat recognizes an update to log type A, it appends a typeA value to each message before output the message.
I have a basic filebeat.yml configured and running, but I cannot figure out how to append data to each message.
Grateful for any insight. thanks
Take a look at "Common Options" under filebeat docs for file input. Their is an option to add fields to your messages: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html#filebeat-input-log-fields
Here is a sample snippet:
filebeat.inputs:
- type: log
path: /path_to_your_typeA
fields:
name_of_your_additional_field: typeA
You can also use "tags" instead of fields, if you do not want to indulge in key/val option.