Getting aws internal ip when using dns plugin i want to see actual dns name like abc.test.com

sujeetjha · December 3, 2020, 6:26am

Getting AWS internal IP (ip-11-11-11-11-amazon.com) when using DNS plugin I want to see actual DNS name like abc.test.com.. what should I do plz suggest... here is my code below


# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5047
  }
}

#filter file for Default VPC flow log
filter {
  grok {
    match => ["message","%{WORD:version} %{WORD:account_id} %{NOTSPACE:interface_id} %{IP:srcaddr} %{IP:dstaddr} %{NUMBER:srcport} %{NUMBER:dstport} %{NUMBER:protocol} %{NUMBER:packets} %{NUMBER:bytes} %{NUMBER:start} %{NUMBER:end} %{WORD:action} %{WORD:log_status}"]
  }
  dns {
    reverse => [ "srcaddr", "dstaddr"]
    action => "replace"
  }
}
output {
  elasticsearch {
    hosts => "http://localhost:9200"
    index => "vpc-%{+YYYY.MM.dd}"
  }
}

Badger · December 3, 2020, 4:35pm

Take it up with Amazon support. They control the DNS data for their addresses.

system · December 31, 2020, 4:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.