- Heartbeat Reference: other versions:
- Overview
- Getting Started With Heartbeat
- Setting up and running Heartbeat
- Configuring Heartbeat
- Set up monitors
- Specify general settings
- Configure the internal queue
- Configure the output
- Configure index lifecycle management
- Specify SSL settings
- Filter and Enhance the exported data
- Define processors
- Add cloud metadata
- Add fields
- Add labels
- Add the local time zone
- Add tags
- Decode JSON fields
- Drop events
- Drop fields from events
- Keep fields from events
- Rename fields from events
- Add Kubernetes metadata
- Add Docker metadata
- Add Host metadata
- Dissect strings
- DNS Reverse Lookup
- Add process metadata
- Parse data by using ingest node
- Enrich events with geoIP information
- Configure project paths
- Configure the Kibana endpoint
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- heartbeat.reference.yml
- Exported fields
- Monitoring Heartbeat
- Securing Heartbeat
- Troubleshooting
- Contributing to Beats
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Add Host metadata
editAdd Host metadata
editThis functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
processors: - add_host_metadata: netinfo.enabled: false cache.ttl: 5m geo: name: nyc-dc1-rack1 location: 40.7128, -74.0060 continent_name: North America country_iso_code: US region_name: New York region_iso_code: NY city_name: New York
It has the following settings:
-
netinfo.enabled - (Optional) Default false. Include IP addresses and MAC addresses as fields host.ip and host.mac
-
cache.ttl - (Optional) The processor uses an internal cache for the host metadata. This sets the cache expiration time. The default is 5m, negative values disable caching altogether.
-
geo.name - User definable token to be used for identifying a discrete location. Frequently a datacenter, rack, or similar.
-
geo.location - Longitude and latitude in comma separated format.
-
geo.continent_name - Name of the continent.
-
geo.country_name - Name of the country.
-
geo.region_name - Name of the region.
-
geo.city_name - Name of the city.
-
geo.country_iso_code - ISO country code.
-
geo.region_iso_code - ISO region code.
The add_host_metadata processor annotates each event with relevant metadata from the host machine.
The fields added to the event are looking as following:
{ "host":{ "architecture":"x86_64", "name":"example-host", "id":"", "os":{ "family":"darwin", "build":"16G1212", "platform":"darwin", "version":"10.12.6", "kernel":"16.7.0", "name":"Mac OS X" }, "ip": ["192.168.0.1", "10.0.0.1"], "mac": ["00:25:96:12:34:56", "72:00:06:ff:79:f1"], "geo": { "continent_name": "North America", "country_iso_code": "US", "region_name": "New York", "region_iso_code": "NY", "city_name": "New York", "name": "nyc-dc1-rack1", "location": "40.7128, -74.0060" } } }
Was this helpful?
Thank you for your feedback.