i have icingabeat set up from a master to a kafka cluster and am trying to set the severity to be text and not number e.g. 0=OK, 1=WARNING, 2=CRITICAL. i’m trying to set a processor to add/set the field but get an error that the add_field processor is not found:
2021-01-25T14:25:18.560Z INFO instance/beat.go:278 Setup Beat: icingabeat; Version: 6.5.4
2021-01-25T14:25:18.561Z ERROR instance/beat.go:800 Exiting: error initializing publisher: error initializing processors: the processor add_fields doesn’t exist
Exiting: error initializing publisher: error initializing processors: the processor add_fields doesn’t exist
failed!
here’s the snippet from the icingabeat.yml:
processors:
- rename:
fields:
- from: "icinga.check_result.state"
to: "icinga.chk_state"
- add_fields:
when:
equals:
icinga.chk_state: 2
fields:
icinga.chk_status: "CRITICAL"
i’m new to beat related things but the documentation i’ve read says this is possible - what am i missing? or is there another way to get the text of the severity instead of the number?