Sidecar + Winlogbeat: source field with FQDN possible and not only short hostname?

[flotpg]

Question

Pobably someone can help me with winlogbeat. I use the Graylog Integration in LibreNMS (an SNMP Monitoring tool). It fetches logs via Graylog API and matches fetched logs with the source field of graylog/elastic search. Winblogbeat populates the source field with it's hostname (short, not FQDN) and in my LibreNMS monitoring the the names are FQDN < so NO MATCH.

I tried various options in my winlogbeat config llike fields.source: {host.name} but they always get me the short hostname. Is it possible to use ENV variables of the windows host like: %COMPUTERNAME%.%USERDNSDOMAIN% > server01.domain.local

Many thanks and best regards, Flo.

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
fields.source: ${sidecar.nodeName}

output.logstash:
   hosts: ["graylog.de.tpg.local:5044"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
 - windows
winlogbeat:
  event_logs:
   - name: Application
   - name: System
   - name: Security
   - name: Directory Service
   - name: DNS Server
   - name: Microsoft-Windows-PrintService/Operational
   - name: Kaspersky Event Log

Environment

• Sidecar Version: 1.1.0
• Operating System: windows server 2016, 20019

[bernd]

We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our discussion forum.

Thank you!