Getting aws internal ip when using dns plugin i want to see actual dns name like

Getting AWS internal IP ( when using DNS plugin I want to see actual DNS name like what should I do plz suggest... here is my code below

# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5047

#filter file for Default VPC flow log
filter {
  grok {
    match => ["message","%{WORD:version} %{WORD:account_id} %{NOTSPACE:interface_id} %{IP:srcaddr} %{IP:dstaddr} %{NUMBER:srcport} %{NUMBER:dstport} %{NUMBER:protocol} %{NUMBER:packets} %{NUMBER:bytes} %{NUMBER:start} %{NUMBER:end} %{WORD:action} %{WORD:log_status}"]
  dns {
    reverse => [ "srcaddr", "dstaddr"]
    action => "replace"
output {
  elasticsearch {
    hosts => "http://localhost:9200"
    index => "vpc-%{+YYYY.MM.dd}"

Take it up with Amazon support. They control the DNS data for their addresses.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.