I am parsing Apache log files and, instead of IP addresses, they mostly contain things like ec2-54-200-236-252.us-west-2.compute.amazonaws.com. I have tried the DNS filter to no avail. I'd like to have the IP address so I can use it with geoip. If I ping the "name", I get the IP address. Any ideas on whether Logstash supports this or if there is a 3rd party plugin for it? I have googled a bunch and have come up empty.
A reverse DNS filter didn't work?
Not for me, not that I could tell. Maybe I just didn't have the config right. I've tried different things, including just passing the name via the stdin input. Below is an example of one of the things I tried. I get no error and nothing is added to the output.
input { stdin { } }
filter {
  mutate {
    strip => "message"
  }
  dns {
    reverse => [ "source_host", "message" ]
  }
}
output {
  stdout { codec => rubydebug }
}
Stripping message means doing any subsequent filters on that won't work!
Also I think you should be using the resolve filter rather than reverse, cause we aren't doing a reverse lookup (I missed that earlier).
I am using strip to remove the /r just in case that was causing issues with my test. FYI - message still shows up in the output.
I had tried using resolve to no avail. As I said, that config file is just an example of the things I tried (and tried .....
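
Added example, not part of the original thread and not a config posted by any participant: a forward-lookup pipeline for the same stdin test, where each input line is a bare host name such as the EC2 name in the question. It relies on the dns filter's `resolve` and `action` options and the geoip filter's `source` and `target` options; the field name `client_hostname` and the IPv4 guard are assumptions made for this sketch.

```logstash
input { stdin { } }

filter {
  # Remove trailing whitespace / carriage return from the typed host name.
  mutate {
    strip => [ "message" ]
  }

  # Keep the original name (hypothetical field name) before it is overwritten.
  mutate {
    copy => { "message" => "client_hostname" }
  }

  # Forward lookup (name -> address). The default action is "append", which
  # turns the field into an array of [name, address]; "replace" leaves a
  # single address in the field so geoip can read it.
  dns {
    resolve => [ "message" ]
    action  => "replace"
  }

  # Only run geoip when the lookup actually produced an IPv4 address;
  # on a failed or timed-out lookup the field still holds the host name.
  if [message] =~ /^\d{1,3}(\.\d{1,3}){3}$/ {
    geoip {
      source => "message"
      target => "geoip"
    }
  } else {
    mutate {
      add_tag => [ "dns_unresolved" ]
    }
  }
}

output {
  stdout { codec => rubydebug }
}
```

Events tagged `dns_unresolved` (a tag name chosen for this example) still carry the original name in `client_hostname`, so they can be reviewed separately instead of silently losing location data.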