Hi ,
I am working with DNS query logs and I want the PTR record to change to the IP address.
From : 4.3.2.1.in-addr.arpa to 1.2.3.4
I am trying to use ruby filter and add this information as a new field to the event object.
This is what my config looks like. The code section of ruby filter.
if !event.get('queryType').include? 'PTR'
event['ip'] = event.get('queryName').match(/((?:[0-9]{0,3}.){4}?).*in/)[1].chomp(".").split(".").reverse.join(".")
end
But logstash fails to startup . How do i debug this ?