Logstash IP to Hostname

I have configured Logstash to receive the syslog messages from the networking devices. dnsmasq and a static host file are used to translate the IP address to a hostname. The system has been working for a few months.

I recently changed the hostname of an IP in the host file and restarted dnsmasq. nslookup outputs the updated hostname. But in the Kibana dashboard, I found the system is still using the old hostname.

Could you tell me how to update the hostname field for the specific IP?

Here is the logstash configuration for the syslog.

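    input {
      udp {
        type => syslog
        port => 5140
        tags => []
      }
    }

    filter {
      # Copy the sender address into a separate field so "host" stays untouched
      mutate {
        add_field => { "hostname" => "%{host}" }
      }
      # Reverse-resolve the copied address and replace it with the name
      dns {
        action => "replace"
        reverse => [ "hostname" ]
        #add_tag => [ "dns_lookup" ]
      }
    }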

I wonder if the dns filter by default uses /etc/hosts. Have you tried pointing the hostsfile parameter to /etc/hosts?

I thought the dns plugin uses the system DNS to resolve the hostname if the hostsfile parameter is not specified.

There was no hostsfile parameter previously.

I have added the hostsfile parameter and Logstash can resolve the correct hostname now 🙂
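
The filter section with the hostsfile parameter from the last reply, as an added example that is not the poster's actual configuration. It assumes the static host file is /etc/hosts, the path suggested earlier in the thread.

```logstash
filter {
  # Keep the original sender address in "host"; resolve a copy of it
  mutate {
    add_field => { "hostname" => "%{host}" }
  }
  dns {
    action  => "replace"
    reverse => [ "hostname" ]
    # hostsfile takes a list of paths; /etc/hosts is an assumption,
    # use the file that holds the updated IP-to-name entries
    hostsfile => [ "/etc/hosts" ]
    # Tag resolved events so they can be told apart in Kibana
    add_tag => [ "dns_lookup" ]
  }
}
```

Because the original address stays in host, events indexed under the old name can still be matched to the device by IP.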
