Add Remote IP address in winlogbeat data

suchand · April 5, 2018, 11:58am

Hi,

I have added the below mutate filter for adding IP address in winlogbeat index.

mutate{
add_field => { "remote_ip" => "%{[@metadata][ip_address]}" }
}

But it's not getting the output as expected. It's showing like this- "remote_ip": "%{[@metadata][ip_address]}",

Can someone please help me to solve this.

magnusbaeck · April 6, 2018, 7:40pm

I don't believe Winlogbeat adds the IP address of the host in the [@metadata][ip_address] field.

suchand · April 7, 2018, 10:15am

Thanks for your reply.

now I am getting only the hostname. How can I get the IP address? Can you please shed some light on this.

magnusbaeck · April 7, 2018, 10:55am

Have a look at the dns filter.

Topic		Replies	Views
How to fetch IP address of using winlogbeat? Beats winlogbeat	9	3543	February 2, 2018
Add IP Address field using winlogbeat Beats winlogbeat	3	1010	September 25, 2019
Trying to add a field with the ip address of the host Logstash	3	5055	July 6, 2017
How to add client ip address in winlogbeat Beats winlogbeat	1	385	August 4, 2020
Getting the IP address of the Winlogbeat host from Logstash Beats winlogbeat	4	2789	August 8, 2016