incorrect hostname on logstash from vms created from image template

asked 2015-04-03 08:30:52 -0500

nutshi
43 ●11 ●16 ●19

up vote 0 down vote favorite

There are the steps i have taken so far:- 1)created a image template from a vm 2) spin new vms from that image 3) each vm (and the image) had logstash forwarder running on it

Now the issue is when i check in logstash all messages are coming under the same hostname of the image-vm.

Say I created the image from vm whose hostname is "test" All new vms (even though they have a different hostname) are sending messages with host="test"

any pointers ? where i need to fix the hostname so that image-hostname is wiped by currect hostname ?

edit retag flag offensive close merge delete

add a comment

0

answered 2015-04-03 09:37:27 -0500

nutshi
43 ●11 ●16 ●19

I am not actually setting the host explicitly for logstash anywhere but i would certainly need hostnames. I am not sure from where logstah picks up the hosts. The log message has a hostname which is correct since i set it explicitly

As you can see below "nj-test9-19" is the correct name but logstash thinks its coming from host "nj-test-3.novalocal"

type: benchmark type.raw: message: TIME: 2015_04_03__10_00_01 HOSTNAME:nj-test9-19 SCORE :607.2 @version: 1 @timestamp: April 3rd 2015, 05:56:33.512 file: /home/centos/ubtest.log host: nj-test-3.novalocal offset: 189

received_at: 2015-04-03 10:56:33 UTC _source: {"message":" TIME: 2015_04_03__10_00_01 HOSTNAME:nj-test9-19 SCORE :607.2","@version":"1","@timestamp":"2015-04-03T10:56:33.512Z","type":"benchmark","file":"/home/centos/ubtest.log","host":"nj-test-3.novalocal","offset":"189","ub_message":"TIME: 2015_04_03__10_00_01 HOSTNAME:nj-test9-19 SCORE :607.2","received_at":"2015-04-03 10:56:33 UTC"} _id: LBo2GeaOTdef953nQG3DFw _type: benchmark _index: logstash-201