elastic · mdbirnstiehl · Aug 6, 2024 · Aug 5, 2024 · Aug 6, 2024 · Aug 6, 2024
@@ -0,0 +1,62 @@
+[[add-logs-service-name]]
+= Add a service name to logs
+
+Adding the `service.name` field to your logs associates them with the services that generate them.
+You can use this field to view and manage logs for distributed services located on multiple hosts.
+If you've enabled Elastic's new experience, adding a service name also associates your logs with a service in the {kibana-ref}/services.html[Services inventory].
+
+To add a service name to your logs, either:
+
+* Use the `add_fields` processor through an integration, {agent} configuration, or {filebeat} configuration.
+* Map an existing field from your data stream to the `service.name` field.
+
+[discrete]
+[[use-the-add-fields-processor-to-add-a-service-name]]
+== Use the add fields processor to add a service name
+
+For log data without a service name, use the {fleet-guide}/add_fields-processor.html[add_fields processor] to add the `service.name` field.
+You can add the processor in an integration's settings or in the {agent} or {filebeat} configuration.
+
+For example, adding the `add_fields` processor to the inputs section of a standalone {agent} or {filebeat} configuration would add `your_service_name` as the `service.name` field:
+
+[source,console]
+----
+processors:
+    - add_fields:
+        target: service
+        fields:
+            name: your_service_name
+----
+
+Adding the `add_fields` processor to an integration's settings would add `your_service_name` as the `service.name` field:
+
+[role="screenshot"]
+image::../images/add-field-processor.png[Add the add_fields processor to an integration]
+
+For more on defining processors, refer to {fleet-guide}/elastic-agent-processor-configuration.html[define processors].
+
+[discrete]
+[[map-an-existing-field-to-the-service-name-field]]
+== Map an existing field to the service name field
+
+For logs that with an existing field being used to represent the service name, map that field to the `service.name` field using the {ref}/field-alias.html[alias field type].
+Follow these steps to update your mapping:
+
+. From the main {kib} menu, go to **Stack Management** → **Index Management** → **Index Templates**.
+. Search for the index template you want to update.
+. From the **Actions** menu for that template, select **Edit**.
+. Go to **Mappings**, and select **Add field**.
+. Under **Field type**, select **Alias** and add `service.name` to the **Field name**.
+. Under **Field path**, select the existing field you want to map to the service name.
+. Select **Add field**.
+
+For more ways to add a field to your mapping, refer to {ref}/explicit-mapping.html#add-field-mapping.html[add a field to an existing mapping].
+
+[discrete]
+[[additional-ways-to-process-data]]
+== Additional ways to process data
+
+The {stack} provides additional ways to process your data:
+
+* **{ref}/ingest.html[Ingest pipelines]:** convert data to ECS, normalize field data, or enrich incoming data.
+* **{logstash-ref}/introduction.html[Logstash]:** enrich your data using input, output, and filter plugins.