I am working on stashing jenkins logs using filbeat to ELK stack. I need to add or override "type" in filbeat.yml.
Please find here the logstash.conf logstash.conf.jpg
I need to add or override the "type" (highlighted in red in picture) in my filebeat.yml.
Please find the filebeat.yml here:
filebeat.inputs:
- type: log
enabled: true
paths:
- /opt/app/elk/logs/jenkins.log
multiline.pattern: '^%{MONTH} %{MONTHDAY}, %{YEAR} %{TIME} (AM|PM)'
multiline.negate: true
multiline.match: before
To add a field using filebeat uses the following configuration:
- type: log
paths:
- /path/to/your/files/*.log
fields:
type: your-type
fields_under_root: true
The fields_under_root: true will add the field type in the top-level of the document, if you set it to false, it will add inside the fields object, so you have a field named fields.type.