
I am running Edge Nodes on our EC2 instances.

When reviewing internal fields from our File Collector sources, I noticed that there is a lot of really useful data that our SREs use to investigate which regions & servers are experiencing issues during incidents.

These include:

- AMI image

- Region

- Availability Zone

- Architecture

- Public IP

- Private IP

I'd like to extract these internal fields as event fields that get sent to our destinations. What is the simplest way to do that?

Hi Dean,

It sounds like a pre-processing pipeline that includes an eval function will do the trick. I took a few screenshots from the lab to help you along.

1. Review your metadata. For an example, see the below fields nested in __metadata.aws

2. Create a new pipeline that can be assigned as the source's pre-processing pipeline

3. Create an eval function in your new pipeline

4. Configure your eval function like this:

Filter: true (to catch all events) - or -

Filter: source.includes('file') (to filter by file)

Eval:

  • Name: <desired field name>
  • Value Expression: __metadata.aws.<desired field to extract>

5. Add this new pipeline to your source (after testing)


6. Commit & Deploy to save changes

I hope that this helps
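
The steps in the answer above, sketched as an added JavaScript example that is not part of the original reply and is not Cribl's own code: it models the Eval rows copying values out of `__metadata.aws` into top-level fields, and what is left once internal (`__`-prefixed) fields are dropped on the way to a destination. The key names under `__metadata.aws` (`region`, `zone`, `privateIp`), the output field names and the helper functions are assumptions; use the names that appear in your own events.

```javascript
// Simplified model of the Eval step described above; not Cribl's implementation.
// Keys under __metadata.aws are constructed: check your own events for the real names.
const evalRows = [
  { name: 'aws_region', path: '__metadata.aws.region' },
  { name: 'aws_zone', path: '__metadata.aws.zone' },
  { name: 'aws_private_ip', path: '__metadata.aws.privateIp' },
];

// Stand-in for the Filter expression source.includes('file').
const filter = (e) => typeof e.source === 'string' && e.source.includes('file');

// Resolve a dotted path; returns undefined if any segment is missing.
function resolve(event, path) {
  return path.split('.').reduce(
    (o, k) => (o != null && typeof o === 'object' ? o[k] : undefined), event);
}

// Copy each resolved value to a top-level field on events that match the filter.
function applyEval(event, rows, matches) {
  if (!matches(event)) return event;
  const out = { ...event };
  for (const { name, path } of rows) {
    const v = resolve(event, path);
    if (v !== undefined) out[name] = v; // hosts without AWS metadata get no empty fields
  }
  return out;
}

// What a destination would receive, assuming fields starting with "__" are dropped.
function toDestination(event) {
  return Object.fromEntries(
    Object.entries(event).filter(([k]) => !k.startsWith('__')));
}

// Constructed sample events.
const ec2Event = {
  _raw: 'GET /health 500', source: '/var/log/app/file.log',
  __metadata: { aws: { region: 'us-east-1', zone: 'us-east-1a', privateIp: '10.0.0.12' } },
};
const bareEvent = { _raw: 'GET /health 200', source: '/var/log/app/file.log' };

console.log(toDestination(applyEval(ec2Event, evalRows, filter)));
console.log(toDestination(applyEval(bareEvent, evalRows, filter)));
```

Without the Eval step, `toDestination(ec2Event)` keeps only `_raw` and `source`, which is why the metadata has to be copied to regular fields before it leaves the pipeline.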

