Can Logstash parse a port number into a service name?

Hi,

I wonder whether there is any plugin or tool to help Logstash use the port field to parse the corresponding service name? For example, for 53/tcp it would parse the service name "DNS".
Or do I need to create a list of port/service pairs and use other tools to read this list and parse it? If so, could someone tell me how to do that in detail?

I appreciate any reply.

It seems that the translate filter can help you.

This filter will create a new field based on the value of another field.

For example, if you have a field named service with the value 53/tcp, you could create a translate that will create another field with the value DNS.

I wrote a small blog post a while ago with an example of how to implement the translate filter; you can check it if you want an example.
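A pipeline sketch of the translate approach described in the reply above, added here as an example; it is not taken from the original posts or from the linked blog post. The `port`, `protocol` and `service_name` field names and the dictionary entries are assumptions, and only the `service` field with the value `53/tcp` comes from the thread.

```logstash
filter {
  # Assumption: events carry separate "port" and "protocol" fields
  # (e.g. 53 and tcp). Build the "53/tcp" style key used in the thread.
  # Skip this block if the event already has a "service" field.
  if [port] and [protocol] {
    mutate {
      add_field => { "service" => "%{port}/%{protocol}" }
    }
  }

  translate {
    # Older versions of the plugin name these options "field" and
    # "destination" instead of "source" and "target".
    source => "service"
    target => "service_name"

    # Constructed sample entries. Keys must match the field value exactly,
    # so normalise the protocol case before this filter if it varies.
    dictionary => {
      "22/tcp"  => "SSH"
      "53/tcp"  => "DNS"
      "53/udp"  => "DNS"
      "80/tcp"  => "HTTP"
      "443/tcp" => "HTTPS"
    }

    # Value written to "service_name" when no dictionary key matches,
    # so unmapped ports stay visible in searches and dashboards.
    fallback => "unknown"

    # For a long port/service list, replace the inline dictionary with an
    # external YAML, JSON or CSV file (placeholder path shown):
    #   dictionary_path  => "/path/to/port-services.yml"
    #   refresh_interval => 300
  }
}
```

The resulting `service_name` is a label based on the conventional port assignment, not an identification of the protocol actually spoken on that port.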

This is exactly what I need. Thank you.
