For context:
windows machine -> server -> winlogbeats
Not sure if there is a way to use either dns lookup or possibly some other method for the server to get the ip address of the windows machine from a forwarded windows event containing its hostname.
If you were to perform a nslookup <winlog.computer_name> does that return the IP that you are expecting?
If so then you could integrate Logstash into your data pipeline and apply the DNS filter to perform the lookup enrichment for you.
Beats does have a DNS processor, but it only supports reverse IP lookups. There is an open enhancement request to allow standard A/AAAA lookups.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.