filebeat tomcat module and collect webapps logs files

Question

I just installed filebeat on my remote server to collect logs by an app. Everything seems OK. The ELK stack retrieves the info and I can view it via Kibana. Today, I want to collect the logs generated by 2 webapps hosted on the same tomcat server. I want to be able to add a field to allow me to create a filter on it on Kibana

I am using the tomcat.yml module which I want to rename as webapp1.yml and webapp2.yml. In each of these files, I will add a field that corresponds to the name of my webapp

webapp1.yml

- module: tomcat
  log:
    enabled: true
    var.input: file
    var.paths:
       - c:\app\webapp1.log
    var.rsa_fields: true    
    **var.rsa.misc.context: webapp1**

webapp2.yml

- module: tomcat
  log:
    enabled: true
    var.input: file
    var.paths:
       - c:\app\webapp2.log
    var.rsa_fields: true    
    **var.rsa.misc.context: webapp2**

But, logstash index do not recognized this new field context How can i solve this ?

Thanks for help me

score 0 · Answer 1 · answered Jan 18 '22 at 17:56

So, i find the solution...

- module: tomcat
  log:
    enabled: true
    var.input: file
    var.paths:
       - c:\app\webapp1.log
    # Toggle output of non-ECS fields (default true).
    #var.rsa_fields: true
    input:
        processors:
            - add_fields:
                target: fields
                fields:
                    application-name: webapp1

filebeat tomcat module and collect webapps logs files

1 Answers1