DNS Lookup result in Discover Apache Logs

coolmac · January 16, 2020, 7:05am

Hello.

Faced with the need to see in the Apache log report the host name by ip-address (dns lookup reverse). I use Elastic Cloud and do not fully understand how this can be done.

I added settings to filebeat.yml (on the server where the logs come from), indicated this:

processors:

  - dns:
      type: reverse
      fields:
        source.ip: source.hostname
        destination.ip: destination.hostname

  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

but the data did not appear in the report. Perhaps you need to somehow add a new field? I am new to this question. Perhaps someone knows why this does not work for me?

matw · January 17, 2020, 3:01pm

Hi and welcome to our community !

Could you provide some details? Which kind of report do you mean? Did you check the, that the data arrived in Elasticsearch and can be found e.g. in Kibana's Discover?

Thx & Best,
Matthias

system · February 14, 2020, 3:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Display the DNS of the visiting IP SIEM	7	471	June 8, 2021
Using DNS processors in built in integration in Kibana Kibana integrations	1	399	April 25, 2022
Elastic Agent, System Integration, Processors Kibana fleet	9	1090	July 27, 2022
DNS Lookup from packetbeat Elasticsearch	3	422	July 15, 2018
Having problem in reverse mapping of hostname to ip address using DNS filter Logstash	3	1258	September 18, 2017

DNS Lookup result in Discover Apache Logs

Related Topics