- Winlogbeat Reference: other versions:
- Overview
- Getting Started With Winlogbeat
- Setting up and running Winlogbeat
- Upgrading Winlogbeat
- Configuring Winlogbeat
- Set up Winlogbeat
- Specify general settings
- Configure the internal queue
- Configure the output
- Configure index lifecycle management
- Specify SSL settings
- Filter and Enhance the exported data
- Define processors
- Add cloud metadata
- Add fields
- Add labels
- Add the local time zone
- Add tags
- Decode JSON fields
- Drop events
- Drop fields from events
- Keep fields from events
- Rename fields from events
- Add Kubernetes metadata
- Add Docker metadata
- Add Host metadata
- Dissect strings
- DNS Reverse Lookup
- Add process metadata
- Parse data by using ingest node
- Enrich events with geoIP information
- Configure project paths
- Configure the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- winlogbeat.reference.yml
- Exported fields
- Monitoring Winlogbeat
- Securing Winlogbeat
- Troubleshooting
- Contributing to Beats
Add cloud metadata
editAdd cloud metadata
editThe add_cloud_metadata processor enriches each event with instance metadata
from the machine’s hosting provider. At startup it will detect the hosting
provider and cache the instance metadata.
The following cloud providers are supported:
- Amazon Web Services (AWS)
- Digital Ocean
- Google Compute Engine (GCE)
- Tencent Cloud (QCloud)
- Alibaba Cloud (ECS)
- Azure Virtual Machine
- Openstack Nova
The simple configuration below enables the processor.
processors: - add_cloud_metadata: ~
The add_cloud_metadata processor has two optional configuration settings.
The first one is timeout which specifies the maximum amount of time to wait
for a successful response when detecting the hosting provider. The default
timeout value is 3s.
If a timeout occurs then no instance metadata will be added to the events. This makes it possible to enable this processor for all your deployments (in the cloud or on-premise).
The second optional configuration setting is overwrite. When overwrite is
true, add_cloud_metadata overwrites existing cloud.* fields (false by
default).
The metadata that is added to events varies by hosting provider. Below are examples for each of the supported providers.
AWS
{ "cloud": { "availability_zone": "us-east-1c", "instance_id": "i-4e123456", "machine_type": "t2.medium", "provider": "aws", "region": "us-east-1" } }
Digital Ocean
{ "cloud": { "instance_id": "1234567", "provider": "digitalocean", "region": "nyc2" } }
GCP
{ "cloud": { "availability_zone": "us-east1-b", "instance_id": "1234556778987654321", "machine_type": "f1-micro", "project_id": "my-dev", "provider": "gcp" } }
Tencent Cloud
{ "cloud": { "availability_zone": "gz-azone2", "instance_id": "ins-qcloudv5", "provider": "qcloud", "region": "china-south-gz" } }
Alibaba Cloud
This metadata is only available when VPC is selected as the network type of the ECS instance.
{ "cloud": { "availability_zone": "cn-shenzhen", "instance_id": "i-wz9g2hqiikg0aliyun2b", "provider": "ecs", "region": "cn-shenzhen-a" } }
Azure Virtual Machine
{ "cloud": { "provider": "az", "instance_id": "04ab04c3-63de-4709-a9f9-9ab8c0411d5e", "instance_name": "test-az-vm", "machine_type": "Standard_D3_v2", "region": "eastus2" } }
Openstack Nova
{ "cloud": { "provider": "openstack", "instance_name": "test-998d932195.mycloud.tld", "availability_zone": "xxxx-az-c", "instance_id": "i-00011a84", "machine_type": "m2.large" } }