Hello, we're using the ElasticStack 7.6.1 and I was wondering how to get the DNS filter for Logstash to perform a reverse DNS lookup on the IP address in each each message and put the results in a new field; looking at the documentation I can only see append or replace as the action.
Any help greatly appreciated.
The dns filter always modifies the field used to tell it what to reverse/resolve. It does not have a target option.
You can use mutate to copy the field you want to reverse lookup to a new field, then use the dns filter to overwrite that. Then possibly remove the new field if the lookup failed and it is still equal to the address value.
Thanks Badger that sounds like a plan
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.