Hello,
I have a question regarding nginx integration - access-log.
I set it up and everything is working but I want to change source.ip to hostname.
I'm using Fleet with agent and nginx integration.
I added to Collect logs from Nginx instances - Nginx access logs - Advanced options - Processors:
-
add_fields:
target: dns
fields:
ip: '104.26.6.148' -
dns:
type: reverse
fields:
dns.ip: resolved.ip
nameservers: ['169.254.169.253']
tag_on_failure: [_dns_reverse_lookup_failed]
it is working with static IP, but how can I resolve source.ip comming from logs ?
I found fields which are holding IP address. I want to resolve , but what I read those fields are not set/accessible in processors:
related.ip
source.address
source.ip
nginx.access.remote_ip_list
Is there some way how can I resolve hostname and set it to new or existing field ?
thanks
Peter