Add IP Address field using winlogbeat

Is there any way we can add the IP address field in the forwarded logs? In Windows events, the IP address field is empty. It only has the hostname. Is there any way we can resolve the IP address from the hostname and add it to the forwarded log using Winlogbeat?

Please note all our clients are agentless. Windows clients are forwarding logs to a central log collector where Winlogbeat is installed. Winlogbeat is forwarding these logs to Elasticsearch.

Hi @JustinJ,

Maybe you should send your logs to Logstash; it's very practical if you want to add/transform your data.

Mehdi.

Thanks. We don't have Logstash. We have ingest nodes and data nodes. Even the ingest node has the reverse lookup feature. The problem is with the Windows event logs, which don't have IP address details.

Using Logstash it can be done. We can resolve the hostname and add the IP address as a field.
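
The hostname-to-IP enrichment discussed in this thread, sketched as a Logstash pipeline filter. This is an added example, not posted by any participant. It assumes the Winlogbeat 7+ field `winlog.computer_name` for the originating machine; `[origin][ip]` and the `dns_resolve_failed` tag are hypothetical names, and the cache and timeout values are illustrative.

```logstash
filter {
  # Assumption: forwarded events carry the originating machine's name in
  # [winlog][computer_name] (Winlogbeat 7+ naming).
  if [winlog][computer_name] {

    # The dns filter overwrites the field it resolves, so resolve a copy
    # and keep the original hostname intact for correlation.
    mutate {
      copy => { "[winlog][computer_name]" => "[origin][ip]" }
    }

    dns {
      resolve => ["[origin][ip]"]
      action  => "replace"

      # Cache answers so a burst of events from one host does not turn
      # into a burst of DNS queries from the collector.
      hit_cache_size    => 4096
      hit_cache_ttl     => 300
      failed_cache_size => 1024
      failed_cache_ttl  => 60

      # Fail fast so a slow resolver cannot stall the pipeline.
      timeout     => 0.5
      max_retries => 1
    }

    # On a failed lookup the copy still holds the hostname. Drop it and tag
    # the event so an IP-typed field never receives a name and unresolved
    # hosts can be found later.
    if [origin][ip] == [winlog][computer_name] {
      mutate {
        remove_field => ["[origin][ip]"]
        add_tag      => ["dns_resolve_failed"]
      }
    }
  }
}
```

The address recorded is whatever DNS returns when the event is processed, which on DHCP networks may differ from the address the host held when the event was generated.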
