I am using the DNS filter which logs a WARN message when it fails to resolve an IP to a hostname. My logstash logs are filling up with these events, which I don't care about. Currently, there are about 300k lines of resolution warnings since the file was created about 11 hours ago. Is there a way to configure the filter to not log the event?
A failure of DNS to resolve is a DEBUG message. Which WARN are you getting?
Scrubbed IP from log entries...
[2019-04-29T00:00:07,630][WARN ][logstash.filters.dns ] DNS: timeout on resolving address. {:field=>"[event_data][IpAddress]", :value=>"xxx.xxx.xxx.xxx"}
[2019-04-29T00:00:07,630][WARN ][logstash.filters.dns ] DNS: timeout on resolving address. {:field=>"[event_data][IpAddress]", :value=>"xxx.xxx.xxx.xxx"}
It will always log a WARN for that. Increasing the timeout might reduce the frequency. Half a second seems remarkably short as the default.
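The timeout suggestion above as a Logstash filter block. This is an added example, not configuration posted by anyone in the thread. The field name is taken from the log lines above; the timeout, retry and cache values are assumptions to tune for your resolver.

```logstash
filter {
  dns {
    # Field taken from the WARN lines in this thread.
    reverse => ["[event_data][IpAddress]"]

    # Plugin default is 0.5 seconds; a larger value gives slow resolvers
    # time to answer before the lookup is abandoned and the WARN is logged.
    # (2 is an assumed value.)
    timeout => 2

    # Number of retries per lookup (plugin default is 2). Each attempt waits
    # up to `timeout`, so a higher timeout multiplied by retries can stall
    # the pipeline on unresolvable addresses. (1 is an assumed value.)
    max_retries => 1

    # Cache failed lookups so the same unresolvable address is not queried
    # again on every event. The failed cache is disabled by default
    # (size 0). Sizes and TTLs in seconds are assumed values.
    failed_cache_size => 10000
    failed_cache_ttl  => 300

    # Cache successful lookups as well to reduce load on the resolver.
    hit_cache_size => 10000
    hit_cache_ttl  => 300
  }
}
```

A long failed-cache TTL means an address that later gains a PTR record stays unresolved in events until the entry expires, so pick a TTL that matches how quickly you need enrichment to catch up.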