I have set up an ELK stack on one server and filebeat on 2 other servers to send data directly to logstash.
Setup is working fine and I got log result as per need but when I see field sections on Kibana UI (Left side), I see "host.hostname" field which have two servers fqdns (i.e "ip-113-331-116-35.us-east-1.compute.internal", "ip-122-231-123-35.us-east-1.compute.internal" )
I want to set alias or rename those value as Production-1 and Production-2 respectively to show on kibana UI
How can I change those values without breaking anything
If you need any code snippet let me know
Since the field host.hostname is an ECS-field I would not suggest to rename this particular field.
In my opinion you have two choices:
1.) Create a pipeline in Logstash
You can set up a simple pipeline in Logstash where you use the mutate filter plugin and do a add_field operation. This will create a new field on your event with the value of host.hostname. Here's a quick example:
filter{
if [host][hostname]{
mutate{
add_field => { "your_cool_field_name" => "%{[host][hostname]}" }
}
}
}
2.) Setup a custom mapping/index template
You can define field aliases within your custom mappings. I recommend reading this article about field aliases