Trying to figure out how to provide a hostname based off the IP. The issue is the system is reading information out of band, so there is no DNS or anything to tie back to. I could do a basic file/hostfile for the majority of IP --> hostname, or could it be converted on the fly? (Ingesting Zeek/Suricata logs.)
Would it be better to have an additional for hostname based off IP?
Thanks for any input (really new at the whole Elastic Stack, coming from Splunk where I could do lookup tables).