- Elastic Cloud Serverless
- Elasticsearch
- Elastic Observability
- Get started
- Observability overview
- Elastic Observability Serverless billing dimensions
- Create an Observability project
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Monitor hosts with OpenTelemetry
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Get started with dashboards
- Applications and services
- Application performance monitoring (APM)
- Get started with traces and APM
- Learn about data types
- Collect application data
- View and analyze data
- Act on data
- Use APM securely
- Reduce storage
- Managed intake service event API
- Troubleshooting
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure a Synthetics project
- Multifactor Authentication for browser monitors
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Scale and architect a deployment
- Synthetics Encryption and Security
- Troubleshooting
- Application performance monitoring (APM)
- Infrastructure and hosts
- Logs
- Inventory
- Incident management
- Data set quality
- Observability AI Assistant
- Machine learning
- Reference
- Get started
- Elastic Security
- Elastic Security overview
- Security billing dimensions
- Create a Security project
- Elastic Security requirements
- Elastic Security UI
- AI for Security
- Ingest data
- Configure endpoint protection with Elastic Defend
- Manage Elastic Defend
- Endpoints
- Policies
- Trusted applications
- Event filters
- Host isolation exceptions
- Blocklist
- Optimize Elastic Defend
- Event capture and Elastic Defend
- Endpoint protection rules
- Identify antivirus software on your hosts
- Allowlist Elastic Endpoint in third-party antivirus apps
- Elastic Endpoint self-protection features
- Elastic Endpoint command reference
- Endpoint response actions
- Cloud Security
- Explore your data
- Dashboards
- Detection engine overview
- Rules
- Alerts
- Advanced Entity Analytics
- Investigation tools
- Asset management
- Manage settings
- Troubleshooting
- Manage your project
- Changelog
Add a service name to logs
editAdd a service name to logs
editAdding the service.name field to your logs associates them with the services that generate them.
You can use this field to view and manage logs for distributed services located on multiple hosts.
To add a service name to your logs, either:
-
Use the
add_fieldsprocessor through an integration, Elastic Agent configuration, or Filebeat configuration. -
Map an existing field from your data stream to the
service.namefield.
Use the add fields processor to add a service name
editFor log data without a service name, use the add_fields processor to add the service.name field.
You can add the processor in an integration’s settings or in the Elastic Agent or Filebeat configuration.
For example, adding the add_fields processor to the inputs section of a standalone Elastic Agent or Filebeat configuration would add your_service_name as the service.name field:
processors: - add_fields: target: service fields: name: your_service_name
Adding the add_fields processor to an integration’s settings would add your_service_name as the service.name field:
For more on defining processors, refer to define processors.
Map an existing field to the service name field
editFor logs that with an existing field being used to represent the service name, map that field to the service.name field using the alias field type.
Follow these steps to update your mapping:
- Go to Management → Index Management → Index Templates.
- Search for the index template you want to update.
- From the Actions menu for that template, select edit.
- Go to Mappings, and select Add field.
-
Under Field type, select Alias and add
service.nameto the Field name. - Under Field path, select the existing field you want to map to the service name.
- Select Add field.
For more ways to add a field to your mapping, refer to add a field to an existing mapping.
Additional ways to process data
editThe Elastic Stack provides additional ways to process your data:
- Ingest pipelines: convert data to ECS, normalize field data, or enrich incoming data.
- Logstash: enrich your data using input, output, and filter plugins.
On this page