We are ingesting Netflow v9 datagrams with Logstash 5.6.4 onto our 5.6.4 Elastic cluster. This is working great, and the Kibana dashboards and visualizations are very handy. One thing we are looking to do is to transform IP addresses into hostnames in the Netflow data. Our Netflow is configured in Logstash with the logstash.yml file. Is there a way we can access the event data of the Netflow module like regular Logstash pipelines? I am looking to see if we can apply the DNS filter plugin to transform the IP address fields to their corresponding hostnames. If the event data of Logstash modules cannot be accessed this way, it would be great if someone could advise on how else I can get hostnames.
Thanks for any pointers.