Tip: Inputs that collect logs and metrics use this processor by default, so you do not need to configure it explicitly.

The add_host_metadata processor annotates each event with relevant metadata from the host machine.
Note: If you are using Elastic Agent to monitor an external system, use the add_observer_metadata processor instead of add_host_metadata.

- add_host_metadata:
    cache.ttl: 5m
    geo:
      name: nyc-dc1-rack1
      location: 40.7128, -74.0060
      continent_name: North America
      country_iso_code: US
      region_name: New York
      region_iso_code: NY
      city_name: New York

The fields added to the event look like this:
{
  "host": {
    "architecture": "x86_64",
    "name": "example-host",
    "id": "",
    "os": {
      "family": "darwin",
      "type": "macos",
      "build": "16G1212",
      "platform": "darwin",
      "version": "10.12.6",
      "kernel": "16.7.0",
      "name": "Mac OS X"
    },
    "ip": ["192.168.0.1", "10.0.0.1"],
    "mac": ["00:25:96:12:34:56", "72:00:06:ff:79:f1"],
    "geo": {
      "continent_name": "North America",
      "country_iso_code": "US",
      "region_name": "New York",
      "region_iso_code": "NY",
      "city_name": "New York",
      "name": "nyc-dc1-rack1",
      "location": "40.7128, -74.0060"
    }
  }
}

Important: If host.* fields already exist in the event, they are overwritten by default unless you set replace_fields to true in the processor configuration.

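An added example, not part of the Elastic documentation: a pre-deployment check for an add_host_metadata option mapping (as loaded from YAML), useful because host.* fields drive asset attribution in downstream detections. The `flatten` and `lint_add_host_metadata` helpers, the duration syntax accepted for cache.ttl, and reading geo.location as latitude then longitude (the order the example above uses) are assumptions.

```python
import re

# Option names of the add_host_metadata processor, in dotted form.
KNOWN = {"netinfo.enabled", "cache.ttl", "replace_fields", "geo.name",
         "geo.location", "geo.continent_name", "geo.country_name",
         "geo.region_name", "geo.city_name", "geo.country_iso_code",
         "geo.region_iso_code"}
# Go-style duration such as 5m, 90s, 1h30m or -1s (assumed syntax for cache.ttl).
DURATION = re.compile(r"-?(\d+(\.\d+)?(ns|us|ms|s|m|h))+")

def flatten(node, prefix=""):
    """Turn nested YAML mappings (geo: {name: ...}) into dotted keys (geo.name)."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def lint_add_host_metadata(options):
    """Return a list of problems found in one add_host_metadata option mapping."""
    flat, problems = flatten(options), []
    for key in sorted(set(flat) - KNOWN):
        problems.append(f"unknown option: {key}")
    for key in ("netinfo.enabled", "replace_fields"):
        if key in flat and not isinstance(flat[key], bool):
            problems.append(f"{key} must be true or false")
    ttl = flat.get("cache.ttl")
    if ttl is not None and not DURATION.fullmatch(str(ttl)):
        problems.append(f"cache.ttl is not a duration: {ttl!r}")
    iso = flat.get("geo.country_iso_code")
    if iso is not None and not re.fullmatch(r"[A-Z]{2}", str(iso)):
        problems.append(f"geo.country_iso_code is not two capital letters: {iso!r}")
    if "geo.location" in flat:
        try:
            lat, lon = (float(p) for p in str(flat["geo.location"]).split(","))
            if not (-90 <= lat <= 90 and -180 <= lon <= 180):
                problems.append("geo.location out of range (read as latitude, longitude)")
        except ValueError:
            problems.append("geo.location must be two comma-separated numbers")
    return problems

# Constructed samples: a subset of the page's example, and a variant with typical mistakes.
PAGE_EXAMPLE = {"cache.ttl": "5m", "geo": {"name": "nyc-dc1-rack1",
    "location": "40.7128, -74.0060", "country_iso_code": "US"}}
BROKEN = {"cache.ttl": "5 minutes", "replace_field": False,
          "geo": {"location": "151.2093, -33.8688", "country_iso_code": "usa"}}
```

A range check cannot catch every swapped coordinate pair: the page's New York values stay within range in either order, so compare the rendered host.geo.location against a known site list as well.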
Name | Required | Default | Description |
---|---|---|---|
netinfo.enabled | No | | Whether to include IP addresses and MAC addresses as fields |
cache.ttl | No | | Sets the cache expiration time for the internal cache used by the processor. Negative values disable caching altogether. |
geo.name | No | | User-definable token to be used for identifying a discrete location. Frequently a data center, rack, or similar. |
geo.location | No | | Longitude and latitude in comma-separated format. |
geo.continent_name | No | | Name of the continent. |
geo.country_name | No | | Name of the country. |
geo.region_name | No | | Name of the region. |
geo.city_name | No | | Name of the city. |
geo.country_iso_code | No | | ISO country code. |
geo.region_iso_code | No | | ISO region code. |
replace_fields | No | | Whether to replace original host fields from the event. If set |