Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

The tag "beats_input_codec_plain_applied" present in every document in Kibana

Tags:

elasticsearch

logstash

kibana

filebeat

I have set up the ELK stack with the version 7.2.0 : filebeat, logstash, elasticsearch & kibana.

When I send my logs to Kibana, I can see a tag "beats_input_codec_plain_applied" in every document.

I search through internet but there is no explanation about why this tag is added.

like image 858
d3vpasha Avatar asked May 13 '20 18:05

d3vpasha

People also ask

What are beats in Kibana?

Beats are open source data shippers that you install as agents on your servers to send operational data to Elasticsearch. Elastic provides Beats for capturing: Beats can send data directly to Elasticsearch or via Logstash, where you can further process and enhance the data, before visualizing it in Kibana.

How do I monitor beats in a Kibana cluster?

If you are monitoring Beats, the Stack Monitoring page in Kibana contains a panel for Beats in the cluster overview. To view an overview of the Beats data in the cluster, click Overview. The overview page has a section for activity in the last day, which is a real-time sample of data.

Should we switch Kibana to use the correct exclude/include syntax?

While this is an issue in Elasticsearch that will be fixed, we should switch Kibana over to use the correct exclude / include syntax since this old syntax is likely going to remain removed in 6.0. We should show a deprecation notice whenever the old syntax is used. I'll create separate issues for this. Sorry, something went wrong.

What are Elasticsearch beats?

What are Beats? edit Beats are open source data shippers that you install as agents on your servers to send operational data to Elasticsearch. Elastic provides Beats for capturing: Beats can send data directly to Elasticsearch or via Logstash, where you can further process and enhance the data, before visualizing it in Kibana.

Video Answer

1 Answers

This seems to be undocumented, but this tag is added to every beats message by logstash beats input, it shows which codec was applied to the beats message, in your case it is the plain codec.

You can remove it in the logstash pipeline using a mutate filter.

mutate {
    remove_tag => ["beats_input_codec_plain_applied"]
}

Or you can disable it in the input configuration by setting the option include_codec_tag to false.

input {
    beats {
        ... your beats input config ...
        include_codec_tag => false
    }
}
like image 164
leandrojmp Avatar answered Oct 07 '22 12:10

leandrojmp
Sign in to Comment

Related questions

Elastic search multiple simple_query_string with boost
Missing data when using unique count and creating an aggregation in Kibana
How to search emoticon/emoji in elasticsearch?
Elasticsearch outputs the score of 1.0 for all results when searching for a single "starred" term
Error using Object Initializer syntax to create MultiMatchQuery
Elasticsearch Multiple Prefix Keywords
How to find Index by Alias in Elasticsearch php client api
Does Spring Data support Elasticsearch 5.x?
Connecting NiFi to ElasticSearch
Index JSON files in elasticsearch using Python?
post request with \n-delimited JSON in python
Elastic Search, Java API: Validation Failed: 1: script or doc is missing;
Custom sorting in Elasticsearch
What match_none is useful for?
Elasticsearch date range query using two fields
Elasticsearch : map date as text?
Spring data elastic search with Java high level rest client [closed]
How to build a free flow search on sql-server database tables?
Elasticsearch how to support transaction involving multiple documents
how to enable xpack.security.enabled?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!