Hello,
I'm using the below pipeline to index data to Elasticsearch (Elastic 7.8.0 is used).
Auditbeat -> Logstash -> Elasticsearch
Using the below mutate filter I'm able to copy the IP address from metadata to a new field called test.ip which is working fine.
mutate {
copy => {"[@metadata][ip_address]" => "[test][ip]"}
}
But, when I introduced a Kafka into the pipeline as shown below.
Auditbeat -> Kafka -> Logstash -> Elasticsearch
I'm not getting the IP address in test.ip field, instead my metadata field contains only below fields.
"@metadata": {
"beat": "auditbeat",
"type": "_doc",
"version": "7.8.0"
}
The ip_address from metadata field exist only if the pipeline is Auditbeat -> Logstash ?
How I can capture the host ip address, since my Auditbeat -> Elasticsearch pipeline data does not contain my public ip for geo ip informations ?