Add Remote IP address in winlogbeat data

suchand · April 5, 2018, 11:58am

Hi,

I have added the below mutate filter for adding IP address in winlogbeat index.

mutate{
add_field => { "remote_ip" => "%{[@metadata][ip_address]}" }
}

But it's not getting the output as expected. It's showing like this- "remote_ip": "%{[@metadata][ip_address]}",

Can someone please help me to solve this.

magnusbaeck · April 6, 2018, 7:40pm

I don't believe Winlogbeat adds the IP address of the host in the [@metadata][ip_address] field.

suchand · April 7, 2018, 10:15am

Thanks for your reply.

now I am getting only the hostname. How can I get the IP address? Can you please shed some light on this.

magnusbaeck · April 7, 2018, 10:55am

Have a look at the dns filter.

system · May 5, 2018, 10:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add IP Address field using winlogbeat Beats winlogbeat	3	907	September 25, 2019
How to add source ip (device ip) of host to log Beats winlogbeat	1	301	July 1, 2020
Trying to add a field with the ip address of the host Logstash	3	4840	July 6, 2017
How to fetch IP address of using winlogbeat? Beats winlogbeat	9	3396	February 2, 2018
Elasticsearch winlogbeat field host.ip value issue Beats winlogbeat	2	372	December 15, 2020