20 March 2018

Brewing in Beats: Enrich your events with host metadata

By Monica Sarbu

Did you know that Beats 6.2 is already available? Try it and let us know what you think. If you are curious to see the Beats in action, check out the Getting Started with Beats webinar.

Operational Monitoring

Enrich your events with host medata

The add_host_metadata, following the model of add_cloud_metadata or add_kubernetes_metdadata, makes it possible to enrich all events with meta information about the host machine. This can be helpful in case events should be filtered by operating system or architecture for example. The following fields are added by this processor:

  • host.hostname
  • host.id
  • host.architecture (e.g. x86_64, arm, ppc, mips)
  • host.os.platform (e.g. centos, ubuntu, windows)
  • host.os.family (e.g. redhat, debian, freebsd, windows)
  • host.os.version

This processor will be available in all Beats starting with version 6.3.

Metricbeat: Add Munin module

With the Munin module in Metricbeat, Metricbeat can be pointed at any Munin node which implements the basic protocol. With this Metricbeat indirectly supports a long list of existing metric plugins (#1, #2)

This new module will be available in Metricbeat 6.3.

Docs

Repository: elastic/beats

Changes in master:

  • Fix config reload example #6567
  • Add k8s ssl example #6558
  • Remove additional slash in shared-directory-layout #6557
  • Update screens and instructions to match latest version of Kibana #6553
  • [DOCS] Added beats_system user #6541
  • Metricbeat: Add munin module #6517
  • Typos in filebeat.migration documentation #6392


Other changes

Repository: elastic/beats

Filebeat

Changes in master:

  • Mark the system.syslog.message field as text #6589
  • Fix data race in harvester termination #6563
  • Add json.ignore_decoding_error to not log decoding errors #6547
  • Filebeat: Makes registry_file_permission configurable #6455
  • Update Ingest pipelines if enabled #6417
Metricbeat

Changes in master:

  • Fix `state_container` metrics when several containers have the same name #6566
  • Move MongoDB module to GA #6554
  • Use safemapstr.Put for docker labels #6545
  • Send available perfmon data on error #6542
  • Removing beta label from jolokia/jmx metricset #6143
Auditbeat

Changes in master:

  • Enable system tests for auditbeat #5945
Packetbeat

Changes in master:

  • Fix pcap sniffer hanging on exit #6535
Processors

Changes in master:

  • Add host metadata processor #5968
Dashboards

Changes in master:

  • Move Filebeat iis dashboard in correct directory #6559
Testing

Changes in master:

  • Add dashboard test loading for Auditbeat #5938
Packaging

Changes in 5.6:

  • Fix snapshot builds for 5.6 #6549

Repository: elastic/gosigar

Changes in master:

  • Changelog for 0.9.0 #101
  • Adding support for big endian to gosigar #100

Repository: elastic/go-sysinfo

Changes in master:

  • Add darwin amd64 build tags #4