I see logs coming from my DNS, and they include the client IP address requesting domain names. I want to add that client to my list of fields so I can search for what domain it requests, etc. How can I add that client IP address as a field, which I don't see in the list?
Anybody in the house?
Your question is not very clear, so can you explain where the problem is with your Elasticsearch?
Please provide: Elasticsearch version, number of nodes, configuration or log files.
My document contains a BIND DNS log pattern like the one shown below in Kibana:
Jan 16 09:18:49 ns4 named: 16-Jan-2017 09:18:49.644 client 18.104.22.168#50378 (e6858.dsce9.akamaiedge.net): view unga-dmz: query: e6858.dsce9.akamaiedge.net IN A + (22.214.171.124)
If you see the highlighted keywords, those are the available fields where I can search, etc., but I want to add client, view, query, etc. to the available fields so I can use them for search and analysis. I hope this makes sense now; please let me know if you need more clarification about my question.
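The fields asked for above (client IP and port, view, queried name, record type) have to be extracted from the message text before Kibana can offer them; they are not in the raw log. The following is an added example, not code from the thread or from Elastic: a Python parser for the BIND query-log line quoted above, plus an assumed equivalent Logstash grok pattern for a `grok` filter (written from the same line structure and not verified against a running pipeline).

```python
import re
from typing import Optional

# Constructed sample: the BIND query-log line quoted in the thread.
SAMPLE_LINE = (
    "Jan 16 09:18:49 ns4 named: 16-Jan-2017 09:18:49.644 client "
    "18.104.22.168#50378 (e6858.dsce9.akamaiedge.net): view unga-dmz: "
    "query: e6858.dsce9.akamaiedge.net IN A + (22.214.171.124)"
)

# Regex for BIND's query log format. The syslog header ("Jan 16 09:18:49
# ns4 named: ") is optional so lines taken straight from named's own log
# file (no header) parse as well. Address groups accept IPv4 or IPv6.
BIND_QUERY_RE = re.compile(
    r"^(?:(?P<syslog_ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) named(?:\[\d+\])?: )?"
    r"(?P<bind_ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<client_ip>[0-9A-Fa-f.:]+)#(?P<client_port>\d+) "
    r"\((?P<qname_paren>[^)]*)\): "
    r"view (?P<view>[^:]+): "
    r"query: (?P<query>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
    r"(?: \((?P<server_ip>[0-9A-Fa-f.:]+)\))?$"
)

# Assumed Logstash equivalent for a grok filter's "match" on "message";
# field names mirror the regex groups above. Not tested in a live pipeline.
GROK_PATTERN = (
    "%{SYSLOGTIMESTAMP:syslog_ts} %{HOSTNAME:host} named: %{DATA:bind_ts} "
    "client %{IP:client_ip}#%{POSINT:client_port} \\(%{DATA:qname_paren}\\): "
    "view %{DATA:view}: query: %{HOSTNAME:query} IN %{WORD:qtype} "
    "%{NOTSPACE:flags} \\(%{IP:server_ip}\\)"
)


def parse_bind_query(line: str) -> Optional[dict]:
    """Return the line's fields as a dict, or None if it is not a BIND query line."""
    m = BIND_QUERY_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["client_port"] = int(fields["client_port"])
    return fields


if __name__ == "__main__":
    for key, value in (parse_bind_query(SAMPLE_LINE) or {}).items():
        print(f"{key:>12}: {value}")
```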