Logstash DNS Filter Issue

sysadmin007 · March 13, 2018, 10:43pm

Hello All,
I setup an ELK Stack with the latest version of logstash 6.2.2 on Ubuntu 17.10. The setup went ok i have netflow records in my Kibana dashboard and most everything seems to be working properly. The only issue I am stumped on is making the DNS filter work to resolve 1 field in my netflow data. It seems the fields from mutate just never appear anywhere in Kibana. Any help would be greatly appreciated as I have been working on this the last week trying so many solutions. Thank you!

netflow.conf in /etc/logstash/conf.d directory

input {
    udp {
        port => 9991
        codec => netflow
    }
}
 filter {
         mutate {
                add_field => { "dst_host" => "%{[netflow][dst_addr]}" }
      }
         dns {
                # DNS Filter
                reverse => [ "dst_host" ]
                action => "replace"
                nameserver => [ "10.0.100.8" ]
                hit_cache_size => 4096
                hit_cache_ttl => 900
                failed_cache_size => 512
                failed_cache_ttl => 900
       }

}
output {
    elasticsearch {
        hosts => [ "localhost:9200" ]
    }
}

logstash.yml

 modules:
      - name: netflow
        var.input.udp.port: 9991

system · April 10, 2018, 10:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Having issue with DNS filter Logstash	8	2440	February 14, 2018
Filter "logstash-filter-dns" doesn't work Logstash	1	452	August 10, 2018
DNS filter in logstash Netflow Module Logstash	1	642	February 24, 2018
DNS filter not working Logstash	5	5698	April 28, 2017
DNS filter performance issue? Logstash	6	4957	July 6, 2017

Logstash DNS Filter Issue

Related topics