Hi
Suppose I have fields with fully qualified DNS names.
fx myhost.company.com
fx myhost.company.biz
We have millions of these names.
Suppose I want to search for all DNS names ending in *.biz. This leads me to inefficient wildcard search or ?
So I was thinking if I should create a new field where the name is reversed to make searching more efficient.
com.company.myhost.
biz.company.myhost.
But I dont know if this is the correct approach. And how would I reverse a field in logstash ?
Any thoughts ?
Regards
Kim