Besides other stuff in the log file I have a host value which I want to still be present after the logs pass through filebeat {"host": "123"}. Instead of the complex JSON object under "host" which can be seen in the first code snippet I would want to have something like in the second code snippet where it is "host": "123".
Complex "host" object:
{
"@timestamp": "2024-03-20T13:33:25.932Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "8.11.0"
},
"host": {
"hostname": "aaaaaaaaaaaa",
"architecture": "x86_64",
"os": {
"family": "debian",
"name": "Ubuntu",
"kernel": "5.10.102.1-microsoft-standard-WSL2",
"codename": "focal",
"type": "linux",
"platform": "ubuntu",
"version": "20.04.6 LTS (Focal Fossa)"
},
"containerized": true,
"ip": [
"1.1.1.1"
],
"mac": [
"00-00-00-00-00-00"
],
"name": "aaaaaaaaaaaa"
},
"agent": {
"ephemeral_id": "42aa9a31-f251-420f-9e2c-b1aaea30da4a",
"id": "2fa6eee8-a5d3-40a5-8c2d-406ee3670369",
"name": "aaaaaaaaaaaa",
"type": "filebeat",
"version": "8.11.0"
},
"ecs": {
"version": "8.0.0"
},
"log": {
"offset": 50,
"file": {
"path": "/logs.txt"
}
},
"message": "{\"host\": \"123\"} ",
"input": {
"type": "log"
}
}
"host" object value from message
{
"@timestamp": "2024-03-20T13:33:25.932Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "8.11.0"
},
"host": "123",
"agent": {
"ephemeral_id": "42aa9a31-f251-420f-9e2c-b1aaea30da4a",
"id": "2fa6eee8-a5d3-40a5-8c2d-406ee3670369",
"name": "aaaaaaaaaaaa",
"type": "filebeat",
"version": "8.11.0"
},
"ecs": {
"version": "8.0.0"
},
"log": {
"offset": 50,
"file": {
"path": "/logs.txt"
}
},
"message": "{\"host\": \"123\"} ",
"input": {
"type": "log"
}
}