Getting aws internal ip when using dns plugin i want to see actual dns name like abc.test.com

sujeetjha · December 3, 2020, 6:26am

Getting AWS internal IP (ip-11-11-11-11-amazon.com) when using DNS plugin I want to see actual DNS name like abc.test.com.. what should I do plz suggest... here is my code below


# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5047
  }
}

#filter file for Default VPC flow log
filter {
  grok {
    match => ["message","%{WORD:version} %{WORD:account_id} %{NOTSPACE:interface_id} %{IP:srcaddr} %{IP:dstaddr} %{NUMBER:srcport} %{NUMBER:dstport} %{NUMBER:protocol} %{NUMBER:packets} %{NUMBER:bytes} %{NUMBER:start} %{NUMBER:end} %{WORD:action} %{WORD:log_status}"]
  }
  dns {
    reverse => [ "srcaddr", "dstaddr"]
    action => "replace"
  }
}
output {
  elasticsearch {
    hosts => "http://localhost:9200"
    index => "vpc-%{+YYYY.MM.dd}"
  }
}

Badger · December 3, 2020, 4:35pm

Take it up with Amazon support. They control the DNS data for their addresses.

Topic		Replies	Views
Convert site name to IP address in Logstash Logstash	5	1696	July 6, 2017
AWS EC2 Logstash input with external IPs Logstash	0	241	January 5, 2021
Sending Beat data from AWS to a server with a private IP Beats winlogbeat	6	1339	May 8, 2017
Need to map ip address from logs to map with corresponding hostname Kibana	5	1369	February 14, 2022
Problem with logstash DNS resolver plugin Logstash	11	1317	October 7, 2019

Getting aws internal ip when using dns plugin i want to see actual dns name like abc.test.com

Related topics