CODEWITHSUNDEEP
elasticsearchlogstashfilebeat
Karl
Karl

Reputation: 3113

How can i add extra fields in ELK Kibana

I am using ELK with kibana.

I am also using filebeat for sending data to Logstash.

The i have created look like this

{
    "mappings": {  
    "_default_": {
                   "properties": {
                                 "msg":{"type":"string", "index":"not_analyzed"}
                                 }
                 },
    "log": {
                   "properties": {
                                 "@timestamp":{"type":"date","format":"strict_date_optional_time||epoch_millis"},
                                 "@version":{"type":"string"},
                                 "beat": {
                                     "properties": {
                                           "hostname":{"type":"string"}, 
                                           "name":{"type":"string"},
                                                    }
                                          },
                                 "count":{"type":"long"},
                                 "host":{"type":"string"},
                                 "input_type":{"type":"string"},
                                 "message":{"type":"string"},
                                 "msg":{"type":"string","index":"not_analyzed"},
                                 "offset":{"type":"long"},
                                 "source":{"type":"string"},
                                 "type":{"type":"string"}

                                 }
                 }
              }
}';

I want to know that just like beat has 2 fields like hostname and name. Is it possible to have add more fields like environment: dev which i can see in kibana so that i can filter messages based on that

Upvotes: 0

Views: 3699

Answers (1)

Val
Val

Reputation: 217594

Yes, you can specify additional fields in your filebeat.yml configuration. Those new fields will be created. You have two options, you can either specify fields and/or fields_under_root.

If you use the former (see below), a new fields subgroup with your custom fields will appear in your document and you will be able to filter messages with fields.environment: dev in Kibana.

fields:
    environment: dev

If you use the latter (see below), your custom fields will appear at the top-level in your document and you will be able to filter messages with environment: dev in Kibana.

fields_under_root: true

Upvotes: 1

Related Questions