elastic · mdbirnstiehl · Jul 22, 2024 · Jul 9, 2024 · Jul 9, 2024 · Jul 10, 2024
@@ -0,0 +1,57 @@
+---
+slug: /serverless/observability/add-logs-service-name
+title: Add a service name to logs
+description: Learn how to add a service name field to your logs.
+tags: [ 'serverless', 'observability', 'overview' ]
+---
+
+Adding the `service.name` field to your logs associates them with the services that generate them.
+You can use this field to view and manage logs for distributed services located on multiple hosts.
+If you've enabled Elastic's new experience, adding a service name also associates your logs with a service in the <DocLink slug="/serverless/observability/apm-services">Services inventory</DocLink>.
+
+To add a service name to your logs, either:
+
+- Use the `add_fields` processor through an integration, ((agent)) configuration, or ((filebeat)) configuration.
+- Map an existing field from your data stream to the `service.name` field.
+
+## Use the add fields processor to add a service name
+For log data without a service name, use the [`add_fields` processor](((fleet-guide))/add_fields-processor.html) to add the `service.name` field.
+You can add the processor in an integration's settings or in the ((agent)) or ((filebeat)) configuration.
+
+For example, adding the `add_fields` processor to the inputs section of a standalone ((agent)) or ((filebeat)) configuration would add `your_service_name` as the `service.name` field:
+
+```console
+processors:
+    - add_fields:
+        target: service
+        fields:
+            name: your_service_name
+```
+
+Adding the `add_fields` processor to an integration's settings would add `your_service_name` as the `service.name` field:
+
+<DocImage size="2" url="../images/add-field-processor.png" alt="Add the add_fields processor to an integration" />
+
+For more on defining processors, refer to [define processors](((fleet-guide))/elastic-agent-processor-configuration.html).
+
+## Map an existing field to the service name field
+
+For logs that with an existing field being used to represent the service name, map that field to the `service.name` field using the [alias field type](((ref))/field-alias.html).
+Follow these steps to update your mapping:
+
+1. Go to **Management** → **Index Management** → **Index Templates**.
+1. Search for the index template you want to update.
+1. From the **Actions** menu for that template, select **edit**.
+1. Go to **Mappings**, and select **Add field**.
+1. Under **Field type**, select **Alias** and add `service.name` to the **Field name**.
+1. Under **Field path**, select the existing field you want to map to the service name.
+1. Select **Add field**.
+
+For more ways to add a field to your mapping, refer to [add a field to an existing mapping](((ref))/explicit-mapping.html#add-field-mapping.html).
+
+## Additional ways to process data
+
+The ((stack)) provides additional ways to process your data:
+
+- **[Ingest pipelines](((ref))/ingest.html):** convert data to ECS, normalize field data, or enrich incoming data.
+- **[Logstash](((logstash-ref))/introduction.html):** enrich your data using input, output, and filter plugins.
@@ -70,6 +70,11 @@
           "classic-sources": ["enObservabilityMonitorDatasets"],
           "classic-skip": true
         },
+        {
+          "slug": "/serverless/observability/add-logs-service-name",
+          "classic-sources": ["enObservabilityAddLogsServiceName"],
+          "classic-skip": true
+        },
         {
           "slug": "/serverless/observability/run-log-pattern-analysis",
           "classic-sources": ["enKibanaRunPatternAnalysisDiscover"]