Adding metadata to the Logging agent for Windows
You can configure the Logging agent to include metadata that is associated to each log line.
Complete the following steps:
Modify the fluentbit configuration
-
Edit the
fluent-bit.conf
file in theC:\Program Files\logs-agent\etc
folder. -
Add custom metadata:
Use
Add meta.<field_name> <custom_value>
to add a new fieldfield_name
with the valuecustom_value
.Use
Copy <log_field_name> <new_field_name>
to add a new fieldnew_field_name
with the value of the fieldlog_field_name
that comes in the log line.[FILTER] Name modify Match winevtlog.* Copy ProviderName subsystemName Add applicationName ${COMPUTERNAME} Add meta.source ${SOURCE} Add meta.channel ${Channel} Add meta.providerName ${ProviderName} Add meta.environment prod # Sample values: prod, staging, dev, qa Add meta.platform windows [FILTER] Name nest Match winevtlog.* Operation nest Wildcard meta.* Nest_under meta Remove_prefix meta.
For example:
Add applicationName ${COMPUTERNAME}
- Sets the field applicationName with the hostname.
Copy ProviderName subsystemName
- Copies the value of the
ProviderName
field into a new field calledsubsystemName
. <meta.key_name>
- Is the name of the metadata field to be added (for example,
meta.env
) and<your_custom_value>
is the value to be assigned to the field (for example, the name of your environment).
-
Save the configuration file.
Restart the agent
Restart the agent to apply the changes.
sc.exe stop fluent-bit && sc.exe start fluent-bit
Verify logs are being delivered to your target destination
Complete the following steps:
-
When your agent is correctly configured, you can see logs through the default dashboard view.