I have a file something like this; a dict file, probably. Let's say doms.yaml
And then I am parsing bind logs using logstash with field particularly
So here, how do I tag the message as soon as any domain from the doms.yaml file is found? Like
if factsgo.science is found and parsed by Logstash, it should be tagged APT, or if
evenran.online is found, it should be tagged with the name RANSOMWARE, and so on.
Can someone please help?
Thanks and Regards,