Client ip address

Hi
I saw logs coming from my DNS and they include the client IP address requesting domain names. I want to add that client to my list of fields where I can search for what domain it requests etc. etc. ... How can I add that client IP address as a field, which I don't see in the list?

anybody in the house ????

Your question is not very clear, so can you explain where the problem with your Elasticsearch is?
Please provide: Elasticsearch version, number of nodes, configuration or log files.

Thanks Xavier

My document contains a BIND DNS log pattern like the one shown below in Kibana

syslog_pid: 17195
syslog_severity_code: 5
offset: 2,831,951,196
syslog_facility: user-level
input_type: log
syslog_facility_code: 1
source: /var/log/bind.log
syslog_program: named
message: Jan 16 09:18:49 ns4 named[17195]: 16-Jan-2017 09:18:49.644 client 202.134.31.158#50378 (e6858.dsce9.akamaiedge.net): view unga-dmz: query: e6858.dsce9.akamaiedge.net IN A + (202.134.24.120)
type: syslog
syslog_message: 16-Jan-2017 09:18:49.644 client 202.134.31.158#50378 (e6858.dsce9.akamaiedg?

If you see, the highlighted keywords are available fields where I can search etc. etc., but I want to add client, view, query etc. etc. to the available fields where I can use them for search and analysis .... I hope this makes sense now ... please let me know if you need more clarification about my question.
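An added example, not part of the original thread: one way to split the BIND query-log message shown above into separate client, view and query fields before indexing, written in Python. The field names (client_ip, client_port, view, query_name and so on) are assumptions chosen for illustration, and every sample line other than the one quoted from the post is constructed.

```python
import ipaddress
import re

# BIND 9 query-log entry, as in the "message" field quoted in the post.
# Optional parts: the "@0x..." client object id that newer BIND releases
# print, the "(name)" hint, the "view <name>:" section, the trailing "(server ip)".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client_ip>[0-9A-Fa-f:.]+)#(?P<client_port>\d+)"
    r"(?: \([^)]*\))?:"
    r"(?: view (?P<view>[^:]+):)?"
    r" query: (?P<query_name>\S+) (?P<query_class>\S+) (?P<query_type>\S+)"
    r" (?P<flags>\S+)(?: \((?P<server_ip>[^)]+)\))?"
)


def parse_bind_query(line):
    """Return a dict of fields for one query-log line, or None if it does not parse."""
    m = QUERY_RE.search(line)
    if m is None:
        return None  # truncated or non-query line: index it untouched, do not guess
    fields = m.groupdict()
    try:
        # Reject anything that only looks like an address; normalises IPv6 too.
        fields["client_ip"] = str(ipaddress.ip_address(fields["client_ip"]))
    except ValueError:
        return None
    fields["client_port"] = int(fields["client_port"])
    # Lower-case and drop the trailing dot so one domain is one search term.
    fields["query_name"] = fields["query_name"].rstrip(".").lower() or "."
    return fields


if __name__ == "__main__":
    samples = [
        # Line quoted from the post.
        "Jan 16 09:18:49 ns4 named[17195]: 16-Jan-2017 09:18:49.644 client "
        "202.134.31.158#50378 (e6858.dsce9.akamaiedge.net): view unga-dmz: "
        "query: e6858.dsce9.akamaiedge.net IN A + (202.134.24.120)",
        # Constructed: IPv6 client, no view configured.
        "client 2001:db8::1#5353 (Example.ORG): query: Example.ORG. IN MX - (2001:db8::53)",
        # Truncated message as displayed in the post's syslog_message field.
        "16-Jan-2017 09:18:49.644 client 202.134.31.158#50378 (e6858.dsce9.akamaiedg",
    ]
    for s in samples:
        print(parse_bind_query(s))
```

The same expression, with each (?P<name>...) written as (?<name>...), can be used as a custom pattern in a Logstash grok filter applied to syslog_message, so that the extracted values arrive in Elasticsearch as their own fields.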
