- Heartbeat Reference: other versions:
- Overview
- Get started
- Set up and run
- Configure
- Monitors
- General settings
- Project paths
- Output
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Processors
- Define processors
- add_cloud_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_json_fields
- decompress_gzip_field
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- registered_domain
- rename
- truncate_fields
- Autodiscover
- Internal queue
- Logging
- HTTP endpoint
- Regular expression support
- heartbeat.reference.yml
- How to guides
- Exported fields
- Beat fields
- Cloud provider metadata fields
- Common heartbeat monitor fields
- Docker fields
- ECS fields
- Host fields
- HTTP monitor fields
- ICMP fields
- Jolokia Discovery autodiscover provider fields
- Kubernetes fields
- Process fields
- Host lookup fields
- SOCKS5 proxy fields
- Monitor summary fields
- TCP layer fields
- TLS encryption layer fields
- Monitor
- Secure
- Troubleshoot
- Contribute to Beats
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Add Host metadata
editAdd Host metadata
editprocessors: - add_host_metadata: netinfo.enabled: false cache.ttl: 5m geo: name: nyc-dc1-rack1 location: 40.7128, -74.0060 continent_name: North America country_iso_code: US region_name: New York region_iso_code: NY city_name: New York
It has the following settings:
-
netinfo.enabled - (Optional) Default false. Include IP addresses and MAC addresses as fields host.ip and host.mac
-
cache.ttl - (Optional) The processor uses an internal cache for the host metadata. This sets the cache expiration time. The default is 5m, negative values disable caching altogether.
-
geo.name - (Optional) User definable token to be used for identifying a discrete location. Frequently a datacenter, rack, or similar.
-
geo.location - (Optional) Longitude and latitude in comma separated format.
-
geo.continent_name - (Optional) Name of the continent.
-
geo.country_name - (Optional) Name of the country.
-
geo.region_name - (Optional) Name of the region.
-
geo.city_name - (Optional) Name of the city.
-
geo.country_iso_code - (Optional) ISO country code.
-
geo.region_iso_code - (Optional) ISO region code.
The add_host_metadata processor annotates each event with relevant metadata from the host machine.
The fields added to the event look like the following:
{ "host":{ "architecture":"x86_64", "name":"example-host", "id":"", "os":{ "family":"darwin", "build":"16G1212", "platform":"darwin", "version":"10.12.6", "kernel":"16.7.0", "name":"Mac OS X" }, "ip": ["192.168.0.1", "10.0.0.1"], "mac": ["00:25:96:12:34:56", "72:00:06:ff:79:f1"], "geo": { "continent_name": "North America", "country_iso_code": "US", "region_name": "New York", "region_iso_code": "NY", "city_name": "New York", "name": "nyc-dc1-rack1", "location": "40.7128, -74.0060" } } }
Was this helpful?
Thank you for your feedback.