Customize fields in filebeat for graylog

marif · April 22, 2019, 12:23pm

I am able to send the logs in graylog now but all fields are showing filebeat defaults fields as per below screenshot…

I want fields like below screenshot…

I have configure it in filebeat.yml but my customize fields and getting updated in Graylog and it is showing all default filebeat fields.

filebeat.yml:

fields_under_root: true
fields.collector_node_id: ip-10-140-126-132.ap-southeast-1.compute.internal
fields.gl2_source_collector: 15709c79-2569-43bc-8679-4166fdd6dcb0


filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /data/logs/changeevent/server.log
  prospectors:
  fields:
     Application: Glassfish
     Buildingblock: changeevent
     Environment: Development
     Source: 10.140.126.132
     input_type: log
     ignore_older: 0
     scan_frequency: 10s
     tail_files: true
output.logstash:
   hosts: ["10.140.127.133:5044"]
path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log

please check and let me know where i am missing.

tmacgbay · April 22, 2019, 4:36pm

It’s at the bottom of your Beats Input.

marif · April 23, 2019, 9:16am

Thank You!!
It is working but their are many fields are there which i do not want like below screenshot…

Now Fields is getting appended with my customize fields…

Thank you for your help.

tmacgbay · April 23, 2019, 1:57pm

https://www.elastic.co/guide/en/beats/filebeat/current/migration-changed-fields.html

marif · April 24, 2019, 9:50am

Thank You!!!
My second problem is resolved. Now fields prefix is not getting appended.
Still filebeat fields are their which i don’t want. I am trying to find out the way if i can drop these unwanted fields. I checked many article they are suggesting to create the pipeline but pipeline is come into the picture when filebeat send the data. is their any way i can use in filebeat only and do not send filebeat defaults fields to graylog?

here are the unwanted fields…

Thank You for the help!!!

tmacgbay · April 24, 2019, 3:14pm

jan · April 29, 2019, 6:22am

you could create a processing pipeline that drops messages you do not want to have.

Even the rename could be possible in graylog …

system · May 13, 2019, 6:22am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat - adding custom fields does not work for Windows DHCP Server Logs Graylog Central (peer support) filebeat-windows	10	634	September 7, 2023
Filebeat unknown source field Graylog Central (peer support)	9	2182	March 17, 2022
Basic problems with filebeat Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx	8	3139	April 21, 2021
Filebeat linux source: unknown Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx	6	5925	July 1, 2019
Field names prepended with filebeat in new sidecar Graylog Central (peer support) sidecar	4	2041	March 20, 2019

Customize fields in filebeat for graylog

Related topics