can anyone help me with ingesting DNS requesting using packetbeat in logstash .
im having the following filter and it keep tilling me client_ip is missing
filter {
if "packetbeat" in [tags] {
dns {
reverse => [ "client_ip" ]
action => "replace"
hit_cache_size => "100"
hit_cache_ttl => "180"
}
}
}
regards
And what does a line look like? And how does the rest of your config look?
And PLEASE format your code.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.