Filebeat Exported Fields




This document describes the fields that are exported by Filebeat. They are grouped in the following categories: ActiveMQ fields. Apache fields. Auditd fields. AWS fields. aws-cloudwatch fields. Azure fields.


fields. Contains user configurable fields. type: object. beat.name. type: alias. alias to: host.name. beat.hostname. type: alias. alias to: agent.hostname. timeseries.instance. Time series instance id.


ECS fields. This section defines Elastic Common Schema (ECS) fields, a common set of fields to be used when storing event data in Elasticsearch. This is an exhaustive list, and fields listed here are not necessarily used by Filebeat. The goal of ECS is to enable and encourage users of Elasticsearch to normalize their event data, so that they …




This key captures the identifier (typically numeric field) of a resource pool. type: keyword. rsa.misc.process_id_val. This key is a failure key for Process ID when it is not an integer value. type: keyword. rsa.misc.risk_num_comm. This key captures Risk Number Community. type: double. rsa.misc.risk_num_next. This key captures Risk Number NextGen. type: double. The field contains the file extension from the original request. type: keyword. threatintel.indicator.url.fragment. Portion of the url after the #, such as top. type: keyword. threatintel.indicator.url.full. If full URLs are important to your use case, they should be stored in url.full, whether this field is reconstructed or present in the event source.


The @timestamp and type fields are always exported, even if they are not defined in the include_fields list. You can decode JSON strings, drop specific fields, add various metadata (e.g. Docker, Kubernetes), and more. You’ll need to define processors in the Filebeat configuration file per input.


4/25/2019 · filebeat add_fields processor with condition. I’d like to add a field app with the value apache-access to every line that is exported to Graylog by the Filebeat apache module. The following configuration should add the field as I see an event_dataset=apache.access field in Graylog but it does not do anything.


12/7/2015 · There should be two options for how to reduce the number of exported fields: Configuration options, by adding configuration options for most common use cases. Generic filtering for… The goal is to configure each Beat not to export all fields.
