Getting AWS internal IP (ip-11-11-11-11-amazon.com) when using DNS plugin I want to see actual DNS name like abc.test.com.. what should I do plz suggest... here is my code below
# Beats -> Logstash -> Elasticsearch pipeline.
input {
beats {
port => 5047
}
}
#filter file for Default VPC flow log
filter {
grok {
match => ["message","%{WORD:version} %{WORD:account_id} %{NOTSPACE:interface_id} %{IP:srcaddr} %{IP:dstaddr} %{NUMBER:srcport} %{NUMBER:dstport} %{NUMBER:protocol} %{NUMBER:packets} %{NUMBER:bytes} %{NUMBER:start} %{NUMBER:end} %{WORD:action} %{WORD:log_status}"]
}
dns {
reverse => [ "srcaddr", "dstaddr"]
action => "replace"
}
}
output {
elasticsearch {
hosts => "http://localhost:9200"
index => "vpc-%{+YYYY.MM.dd}"
}
}