Can logstash tagging help me here?

(R) #1

Hi there,

I have a file something like this; a dict file probably. Let's say doms.yaml Emotet Emotet Emotet Phishing Phishing RAT Ransomware APT cryptomining

And then I am parsing bind logs using logstash with field particularly

So here, how do I tag the message as soon as any domain is found from the doms.yaml file? Like

If is found and parsed by logstash it should tag APT OR is found should be tagged by name RANSOMWARE and so on..

Can someone please help?

Thanks and Regards,
Blason R

(Christian Dahlqvist) #2

I think you should be able to use the translate filter for this.
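A sketch of how the translate filter can do this lookup, added here as an editorial example and not taken from any poster's configuration. The field names `[dns][query]` and `[threat][category]`, the path `/etc/logstash/doms.yaml`, and the sample domains are assumptions, since the thread does not show the real ones.

```conf
# /etc/logstash/doms.yaml (hypothetical path, constructed sample entries).
# One "domain": "category" pair per line:
#   "malware-c2.example": "Emotet"
#   "login-update.example": "Phishing"
#   "files-locked.example": "Ransomware"
#   "quiet-beacon.example": "APT"

filter {
  # Assumption: an earlier grok/dissect stage has already extracted the
  # queried name from the BIND log line into [dns][query].
  if [dns][query] {
    # Dictionary keys are compared as exact strings, so normalise case
    # before the lookup; BIND logs can carry mixed-case query names.
    mutate {
      lowercase => [ "[dns][query]" ]
    }

    # Look the domain up in the YAML dictionary. On a hit, the mapped
    # category is written to the target field. No fallback is set, so
    # events with unknown domains get no category field at all.
    # Older plugin releases name these options "field" and "destination".
    translate {
      source           => "[dns][query]"
      target           => "[threat][category]"
      dictionary_path  => "/etc/logstash/doms.yaml"
      refresh_interval => 300   # seconds between dictionary reloads
    }
  }

  # Only events that matched the dictionary carry the field, so only
  # those are tagged, using the category name itself as the tag.
  if [threat][category] {
    mutate {
      add_tag => [ "%{[threat][category]}" ]
    }
  }
}
```

Because no `fallback` is configured, the presence of `[threat][category]` is itself the match indicator, which keeps clean DNS traffic untagged.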

(R) #3

Hmm... I am wondering how? But anyway, let me dig further, or I would really appreciate it if you can give me a small hint.


Thanks and Regards,
Blason R

(R) #4

OK - Thanks, that resolved the issue :)
