How to use Translate plugin in grok filter

sreejiths · September 18, 2017, 7:28am

https://www.elastic.co/guide/en/logstash/5.2/plugins-filters-translate.html#plugins-filters-translate-dictionary_path

Hi , I have a specific requirement , I will have a csv file with data as below , what i want is if the message is coming from specified ip address or ip address range(Source of message/input) , need to add a tag in the next column of the csv sheet . Will translate plugin help in achieve ? if yes can someone provide some used cases or examples ? If No ,,can advice on how to achieve the above specific requirement

IP Address Dept
10.12.1.93 HR
10.12.1.102 TECH
10.15.0.206 FIN
10.12.8.50 HR
10.15.116.225 FIN
10.12.1.183 TECH

warkolm · September 18, 2017, 7:32am

Yes it can do that.

Just point the filter at the field that has the IP and it'll do the lookup.

sreejiths · September 18, 2017, 7:46am

Can you please advice the filter block , sorry I am bit new to ELK

warkolm · September 18, 2017, 7:51am

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out

translate {
  field => "Put your field name here"
  dictionary_path => "/path/to/the/dictionary/file"
}

That is really all you need to get started.

sreejiths · September 18, 2017, 8:21am

Sorry , will keep a note on Elastic stack

Will the below work , i doubt ..Honestly i didnt get logic of this plugin ..

translate {
dictionary_path => "/etc/logstash/hosts.csv"
field => "host"
destination => "Dept"
}

Below will be content of CSV file
IP Address Dept
10.12.1.93 HR
10.12.1.102 TECH
10.15.0.206 FIN
10.12.8.50 HR
10.15.116.225 FIN
10.12.1.183 TECH

warkolm · September 18, 2017, 8:23am

No, the format of the dictionary is wrong.
See https://www.elastic.co/guide/en/logstash/current/plugins-filters-translate.html#plugins-filters-translate-dictionary_path

system · October 16, 2017, 8:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.