Logstash IP to Hostname

vvserpent · July 13, 2017, 3:31am

I have configured Logstash to receive the syslog message from the networking devices. The dnsmasq and static host-file are used to translate the IP address to hostname. The system is working for few months.

I have changed the hostname of a IP in the host-file and restarted the dnsmasq recently . The nslookup can output the updated hostname. But in the Kibana dashboard, I found the system still using the old hostname .

Could you tell me how to update the hostname field for the specific IP ?

Here is the logstash configuration for the syslog.

input {
udp{
type => syslog
port => 5140
tags => []

}
}

mutate {
add_field => { "hostname" => "%{host}" }
}
dns {
action => "replace"
reverse => [ "hostname" ]
#add_tag => [ "dns_lookup" ]
}

magnusbaeck · July 13, 2017, 6:05am

I wonder if the dns filter by default uses /etc/hosts. Have you tried pointing the hostsfile parameter to /etc/hosts?

vvserpent · July 13, 2017, 6:59am

I thought dns plugin using the system DNS to resolve the hostname if hostsfile parameter is not specified.

There is no hostsfile parameter previously.

I have added the hostsfile parameter and Logstash can resolve the correct hostname now

system · August 10, 2017, 6:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Viewing hostname instead of ip Logstash	5	2358	August 6, 2019
How to match IP address to hostname without dns [Solved] Logstash	6	18985	July 6, 2017
How does Logstash know the host.hostname field? Logstash	5	898	October 8, 2023
Logstash parsing syslog Logstash	8	3520	July 6, 2017
Node.name not reflected in "host" Logstash	2	730	March 24, 2018

Logstash IP to Hostname

Related topics