Nope.
If input a file with one ip address "192.168.1.1"
and then I create a template with "domain":"ip"
it says that this is not the right type
Failed action. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"paloalto-2016.03.16", :_type=>"paloalto", :_routing=>nil}, #<LogStash::Event:0x530f722e @metadata={"path"=>"/etc/logstash/paloalto/patest.log"}, @accessors=#<LogStash::Util::Accessors:0xec9dba6 @store={"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, @lut={"path"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "path"], "host"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "host"], "type"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "type"], "[type]"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "type"], "[message]"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "message"], "message"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "message"], "[Domain]"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "Domain"], "tags"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "tags"], "[SourceIP]"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "SourceIP"], "SourceIP"=>[{"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, "SourceIP"]}>, @data={"message"=>"192.168.1.5", "@version"=>"1", "@timestamp"=>"2016-03-16T18:35:00.610Z", "path"=>"/etc/logstash/paloalto/patest.log", "host"=>"ukequlvpoc003", "type"=>"paloalto", "Domain"=>"192.168.1.5", "tags"=>["pa-threats"]}, @metadata_accessors=#<LogStash::Util::Accessors:0x7fa5cd21 @store={"path"=>"/etc/logstash/paloalto/patest.log"}, @lut={"[path]"=>[{"path"=>"/etc/logstash/paloalto/patest.log"}, "path"]}>, @cancelled=false>], :response=>{"create"=>{"_index"=>"paloalto-2016.03.16", "_type"=>"paloalto", "_id"=>"AVOAtaZj6FFiT7UMT_ZE", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [Domain]", "caused_by"=>{"type"=>"number_format_exception", "reason"=>"For input string: "192.168.1.5""}}}}, :level=>:warn}
this isnt normal behavior...