Hi there,

I have a file something like this; a dict file probably. Let's say doms.yaml: Emotet Emotet Emotet Phishing Phishing RAT Ransomware APT cryptomining

And then I am parsing BIND logs using Logstash with the field particularly

So here, how do I tag the message as soon as any domain is found from the doms.yaml file? Like:

If is found and parsed by Logstash it should be tagged APT, or if is found it should be tagged by the name RANSOMWARE, and so on.

Can someone please help?

I think you should be able to use the translate filter for this.
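One way to apply that suggestion, as an added example that is not part of the original reply. It assumes the BIND query name has already been parsed into a field called `query` (the actual field name is not shown in the question) and that the dictionary lives at `/etc/logstash/doms.yaml`; the domains in the comment are constructed placeholders, not real indicators.

```logstash
# Added example, not from the original thread.
# Assumed doms.yaml layout (one domain per line, mapped to a category;
# the domain values below are constructed placeholders):
#
#   "malicious-one.example": "Emotet"
#   "phish-site.example": "Phishing"
#   "c2-host.example": "RAT"
#   "locker-drop.example": "Ransomware"
#
filter {
  # Normalise case first: dictionary lookups are exact string matches,
  # so "Evil.Example" would otherwise miss an entry for "evil.example".
  mutate {
    lowercase => ["query"]
  }

  translate {
    source           => "query"             # field to look up (older plugin versions call this "field")
    target           => "threat_category"   # receives the matched value, e.g. "Emotet" ("destination" in older versions)
    dictionary_path  => "/etc/logstash/doms.yaml"
    exact            => true                # whole-value match, not substring/regex
    refresh_interval => 300                 # seconds; re-read the file so new entries apply without a restart

    # add_tag only runs when the lookup succeeds, so events for domains
    # that are not in the dictionary get neither the field nor the tag.
    add_tag => ["%{threat_category}"]
  }
}
```

With this in place a query for `c2-host.example` ends up with `threat_category: RAT` and the tag `RAT`, while unknown domains pass through untouched. Two caveats worth knowing about: an exact match will not fire for subdomains (`www.phish-site.example` does not match `phish-site.example`), so either list the variants in the file or switch to `regex => true` with suitably anchored patterns; and because the file is reloaded on a timer, an entry added to doms.yaml takes up to `refresh_interval` seconds to become active.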

Hmm... I am wondering how? But anyway, let me dig further, or I would really appreciate it if you can give me a small hint.


OK - Thanks, that resolved the issue 🙂

