Logtrail hostname selection not working with filebeat. logtrail-7.9.0-0.1.31

[mindcurv-vishnu]

ELK stack is on version 7.9.0

logtrail.json

{ "index_patterns" : [ { "es": { "default_index": "filebeat*", "allow_url_parameter": false }, "tail_interval_in_seconds": 10, "es_index_time_offset_in_seconds": 0, "display_timezone": "local", "display_timestamp_format": "MMM DD HH:mm:ss", "max_buckets": 500, "default_time_range_in_days" : 0, "max_hosts": 100, "max_events_to_keep_in_viewer": 5000, "fields" : { "mapping" : { "timestamp" : "@timestamp", "display_timestamp" : "@timestamp", "hostname" : "beat.hostname", "program": "type", "message": "message" }, "message_format": "{{{message}}}", "keyword_suffix" : "" } } ] }

My sample document is as below. { "_index" : "filebeat-2020.09.15", "_type" : "_doc", "_id" : "WcIokHQBw81vR0Qgj2", "_score" : 1.0, "_source" : { "tags" : [ "beats_input_codec_plain_applied", "_geoip_lookup_failure", "grokked" ], "input" : { "type" : "log" }, "@version" : "1", "log" : { "offset" : 199528716, "file" : { "path" : "/var/log/sync_hybris_images.log" } }, "ecs" : { "version" : "1.5.0" }, "message" : "20190604:111001: INFO : Completed sitemap sync ", "host" : { "name" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "agent" : { "type" : "filebeat", "hostname" : "xxxxxxxxxxxxxxxx", "ephemeral_id" : "3c7f7689-5fe4-453c-9fb2-6acd47310582", "id" : "e1c9b33b-f57f-4f19-ac6c-2ab906c8cf4b", "name" : "xxxxxxxxxxxxxxxxxxxxxxxx", "version" : "7.9.0" }, "logstash_timestamp" : "2020-09-15T05:06:47.313Z", "@timestamp" : "2020-09-15T05:06:47.313Z" } },

I have tried with keyword_suffix empty and also with keyword but nothing works.

[mindcurv-vishnu]

Issue got fixed after using the below based on my index document.

host: "host.name"

keyword: "keyword"

https://github.com/sivasamyk/logtrail/issues/351 helped. Thank you