Client ip address


(Maile Halatuituia) #1

Hi
I saw logs coming from my DNS and they include the client IP address requesting domain names. I want to add that client to my list of fields where I can search for what domain it requested etc. etc. ... How can I add that client IP address as a field, which I don't see in the list?


(Maile Halatuituia) #2

Anybody in the house????


(Xavier Facq) #3

Your question is not very clear, so can you explain where the problem is with your Elasticsearch?
Please provide: Elasticsearch version, number of nodes, configuration or log files.


(Maile Halatuituia) #4

Thanks Xavier.

My document contains a bind DNS log pattern like the one shown below in Kibana:

yslog_pid: 17195
syslog_severity_code: 5
offset: 2,831,951,196
syslog_facility: user-level
input_type: log
syslog_facility_code: 1
source: /var/log/bind.log
syslog_program: named
message: Jan 16 09:18:49 ns4 named[17195]: 16-Jan-2017 09:18:49.644 client 202.134.31.158#50378 (e6858.dsce9.akamaiedge.net): view unga-dmz: query: e6858.dsce9.akamaiedge.net IN A + (202.134.24.120)
type: syslog
syslog_message: 16-Jan-2017 09:18:49.644 client 202.134.31.158#50378 (e6858.dsce9.akamaiedg?

If you look at the highlighted keywords, those are the available fields where I can search etc. etc., but I want to add client, view, query etc. etc. to the available fields so I can use them for search and analysis .... I hope this makes sense now ... please let me know if you need more clarification about my question.
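As an added example (not code from this thread or from Elastic), here is a Python parser that splits the BIND query-log line quoted above into the client, view and query fields the poster wants; a Logstash grok filter on the syslog_message field would do the same job. The field names are my own choice, and the optional `@0x...` client handle, the optional `(name)` after the client, and the optional view clause are assumptions about other BIND versions and logging configurations.

```python
import ipaddress
import re

# BIND 9 query-log format as seen in the thread:
#   <dd-Mon-yyyy hh:mm:ss.mmm> client IP#PORT (NAME): view VIEW: query: NAME CLASS TYPE FLAGS (SERVER_IP)
# The syslog prefix Logstash keeps in "message" is simply ignored by re.search.
BIND_QUERY_RE = re.compile(
    r"(?P<timestamp>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client_ip>[0-9a-fA-F.:]+)#(?P<client_port>\d+)"
    r"(?: \((?P<client_qname>[^)]*)\))?: "          # assumed optional in older BIND
    r"(?:view (?P<view>[^:]+): )?"                   # assumed optional without views
    r"query: (?P<query>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+) "
    r"\((?P<server_ip>[0-9a-fA-F.:]+)\)\s*$"
)


def parse_bind_query(line):
    """Return a dict of searchable fields for one BIND query-log line, or None."""
    m = BIND_QUERY_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    # Reject lines whose IP-looking tokens are not real addresses.
    try:
        ipaddress.ip_address(fields["client_ip"])
        ipaddress.ip_address(fields["server_ip"])
    except ValueError:
        return None
    fields["client_port"] = int(fields["client_port"])
    # Lower-case the name so case variants of one domain group together in Kibana.
    fields["query"] = fields["query"].lower()
    return fields


# Sample input: the "message" line from the thread plus one constructed line
# (constructed: no view clause and no "(name)" after the client).
SAMPLE_MESSAGE = ("Jan 16 09:18:49 ns4 named[17195]: 16-Jan-2017 09:18:49.644 client "
                  "202.134.31.158#50378 (e6858.dsce9.akamaiedge.net): view unga-dmz: "
                  "query: e6858.dsce9.akamaiedge.net IN A + (202.134.24.120)")
SAMPLE_NO_VIEW = "16-Jan-2017 09:18:49.644 client 10.0.0.5#4321: query: Example.COM IN AAAA -ED (10.0.0.1)"

if __name__ == "__main__":
    for line in (SAMPLE_MESSAGE, SAMPLE_NO_VIEW, "not a query log line"):
        print(parse_bind_query(line))
```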


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.