Hello everybody!
I am receiving logs from several routers in a building with 20 companies. I would like to identify my top 10 Internet destinations, but I would like to see the Name of the destination in my Kibana graphs, not the IP.
So I guess I might use DNS resolving (but I am afraid it's gonna be too many requests)... or I might use the Filter and Mutate function, but I need some help:
filter { if [dst_ip] == "31.13.95.14" { mutate { replace => [ "dst_ip", "BLUE-WEBSITE" ] } } }
Works fine for 1 IP. But BLUE-WEBSITE has more than 1 IP, it has several in the same subnet. So I would like to do something like this, can I?
filter { if [dst_ip] == "31.13.95.xxx" { mutate { replace => [ "dst_ip", "BLUE-WEBSITE" ] } } }
But this doesn't work at all, the XXX is not understood.
Does anyone have any clue? Thank you so much!
Vincent.
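
Added example, not part of the original post: one way to match a whole subnet in a Logstash filter is the cidr filter plugin, writing the name to a separate field so the original address stays in the event. It assumes the destination's addresses all fall in 31.13.95.0/24 and uses a hypothetical new field called dst_name.

```logstash
# Added example. Assumptions: the BLUE-WEBSITE addresses all sit in
# 31.13.95.0/24, and dst_name is a new field introduced here for illustration.
filter {
  if [dst_ip] {
    # The cidr filter applies add_field only when the address
    # falls inside one of the listed networks.
    cidr {
      address   => [ "%{dst_ip}" ]
      network   => [ "31.13.95.0/24" ]
      add_field => { "dst_name" => "BLUE-WEBSITE" }
    }

    # Destinations without a known name fall back to the raw IP, so a
    # "top 10" aggregation on dst_name still covers every event.
    if ![dst_name] {
      mutate { add_field => { "dst_name" => "%{dst_ip}" } }
    }
  }
}

# Alternative without the cidr plugin: a regex conditional on the prefix.
# The dots are escaped so they match literally.
# filter {
#   if [dst_ip] =~ /^31\.13\.95\./ {
#     mutate { add_field => { "dst_name" => "BLUE-WEBSITE" } }
#   }
# }
```

Leaving dst_ip unchanged keeps the real address available when a log line has to be traced back during an investigation; the Kibana graph can aggregate on dst_name instead.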