Is it possible to gain an IP address from a hostname in a forwarded event?

For context:

windows machine -> server -> winlogbeats

Not sure if there is a way to use either DNS lookup or possibly some other method for the server to get the IP address of the Windows machine from a forwarded Windows event containing its hostname.

If you were to perform an nslookup <winlog.computer_name>, does that return the IP that you are expecting?

If so then you could integrate Logstash into your data pipeline and apply the DNS filter to perform the lookup enrichment for you.

Beats does have a DNS processor, but it only supports reverse IP lookups. There is an open enhancement request to allow standard A/AAAA lookups.
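A Logstash pipeline for the DNS-filter approach suggested in the reply above, as an added example that is not part of the original thread. The target field `[winlog][computer_ip]`, the Beats port and the cache sizes are assumptions chosen for illustration; the hostname is copied first because the filter's `replace` action overwrites the field it resolves.

```logstash
input {
  # Winlogbeat on the collector ships the forwarded events here (port is an assumption).
  beats {
    port => 5044
  }
}

filter {
  if [winlog][computer_name] {
    # Copy the originating hostname so the original value is preserved.
    # [winlog][computer_ip] is a hypothetical field name, not an ECS field.
    mutate {
      copy => { "[winlog][computer_name]" => "[winlog][computer_ip]" }
    }

    # Forward (A record) lookup: replaces the copied hostname with its address.
    dns {
      resolve          => ["[winlog][computer_ip]"]
      action           => "replace"
      hit_cache_size   => 4096   # cache successful lookups
      hit_cache_ttl    => 300    # seconds
      failed_cache_size => 1024  # cache misses so dead names do not stall the pipeline
      failed_cache_ttl => 60     # seconds
      timeout          => 1      # seconds per lookup
      max_retries      => 1
    }

    # When the lookup fails the field still holds the hostname, so drop it
    # and tag the event instead of indexing a name in an address field.
    if [winlog][computer_ip] == [winlog][computer_name] {
      mutate {
        remove_field => ["[winlog][computer_ip]"]
        add_tag      => ["_dns_resolve_failed"]
      }
    }
  }
}

output {
  # Print enriched events while testing; swap for your real output.
  stdout { codec => rubydebug }
}
```

The address returned is whatever DNS holds at ingest time, so with DHCP or delayed forwarding it may differ from the address the machine had when the event was generated.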
