logstash and rsyslog sends wrong hostname

Question

I'm setting up a centralised logging system, comprising two VM's.

Logger, which acts as the central syslog collector (using rsyslog) and Logstash processor; and
Searcher, which acts as the Elasticsearch and Kibana host.

I have syslogs from my Wifi controller sent to logger, and being filed in /var/log/remote/wificontroller/*.log

Logstash is processing these logs, and they appear in Kibana.

However, they all have the hostname 'logger' not 'wificontroller', when the logs appear in Kibana. How can I have them sent with the correct hostname?

Many thanks, James

you may need to massage data as it coming in through logstash' pipeline (filter area) — alexus, Jul 23 '19 at 16:31

score 0 · Accepted Answer · answered Jul 23 '19 at 16:51

0

You need a filter step in your config file to mutate your events during the processing :

filter {
  mutate {
    replace => [ "source", "%{wifi_controller}" ]
    }
}

I don't know how your events are structured, but if the controllers hostname is not in a specific field, you'll probably have to dissect or grok the logs.

answered Jul 23 '19 at 16:51

Swisstone

6,357
7
21
32

1

Excellent - did just the job, thanks! – James Dore Jul 26 '19 at 13:57

logstash and rsyslog sends wrong hostname

1 Answers1