Logstash IP to Hostname

vvserpent · July 13, 2017, 3:31am

I have configured Logstash to receive the syslog message from the networking devices. The dnsmasq and static host-file are used to translate the IP address to hostname. The system is working for few months.

I have changed the hostname of a IP in the host-file and restarted the dnsmasq recently . The nslookup can output the updated hostname. But in the Kibana dashboard, I found the system still using the old hostname .

Could you tell me how to update the hostname field for the specific IP ?

Here is the logstash configuration for the syslog.

input {
udp{
type => syslog
port => 5140
tags => []

}
}

mutate {
add_field => { "hostname" => "%{host}" }
}
dns {
action => "replace"
reverse => [ "hostname" ]
#add_tag => [ "dns_lookup" ]
}

magnusbaeck · July 13, 2017, 6:05am

I wonder if the dns filter by default uses /etc/hosts. Have you tried pointing the hostsfile parameter to /etc/hosts?

vvserpent · July 13, 2017, 6:59am

I thought dns plugin using the system DNS to resolve the hostname if hostsfile parameter is not specified.

There is no hostsfile parameter previously.

I have added the hostsfile parameter and Logstash can resolve the correct hostname now

system · August 10, 2017, 6:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to match IP address to hostname without dns [Solved] Logstash	6	18965	July 6, 2017
DNS filter not working Logstash	5	5697	April 28, 2017
Syslog source ip Logstash	4	3537	October 1, 2020
Parsing Syslog to Logstash Logstash	6	475	March 10, 2020
Parsing hostname Logstash	2	3043	July 6, 2017

Logstash IP to Hostname

Related Topics