can anyone help me with ingesting DNS requesting using packetbeat in logstash .
im having the following filter and it keep tilling me client_ip is missing
filter {
if "packetbeat" in [tags] {
dns {
reverse => [ "client_ip" ]
action => "replace"
hit_cache_size => "100"
hit_cache_ttl => "180"
}
}
}
regards
And what does a line look like? And how does the rest of your config look?
And PLEASE format your code.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.