Logstash reverse field DNS name

Hi

Suppose I have fields with fully qualified DNS names.

e.g. myhost.company.com
e.g. myhost.company.biz

We have millions of these names.

Suppose I want to search for all DNS names ending in *.biz. This leads me to an inefficient wildcard search, or?

So I was thinking if I should create a new field where the name is reversed to make searching more efficient.

com.company.myhost.
biz.company.myhost.

But I don't know if this is the correct approach. And how would I reverse a field in Logstash?

Any thoughts?

Regards
Kim

Use a path hierarchy tokenizer for your field.
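
Both ideas from this thread, as an added example that is not part of the original posts: reversing the labels the way the body of a Logstash ruby filter could, and the token list a path_hierarchy tokenizer would emit, assuming it is configured with delimiter "." and reverse set to true plus a lowercase filter. The function names, the `dns_name` and `dns_reversed` field names and the sample hosts are constructed for illustration.

```ruby
# Added example: names, fields and sample hosts are constructed, not from the thread.

# Split an FQDN into labels: lowercase, drop one trailing root dot.
# Names with empty labels ("a..b", ".biz") return [] so they are not indexed.
def fqdn_labels(name)
  return [] if name.nil?
  labels = name.to_s.strip.downcase.chomp('.').split('.', -1)
  labels.any?(&:empty?) ? [] : labels
end

# The reversed field proposed in the question:
# "myhost.company.biz" -> "biz.company.myhost"
# In a Logstash ruby filter (assumed field names) this would be called as:
#   event.set('dns_reversed', reverse_fqdn(event.get('dns_name')))
def reverse_fqdn(name)
  fqdn_labels(name).reverse.join('.')
end

# Tokens assumed from path_hierarchy with delimiter "." and reverse: true:
# "myhost.company.biz" -> ["myhost.company.biz", "company.biz", "biz"]
def suffix_tokens(name)
  labels = fqdn_labels(name)
  (0...labels.length).map { |i| labels[i..-1].join('.') }
end

# Suffix search becomes an exact token match instead of a leading wildcard.
# Matching is on label boundaries, so "notbiz" is not under "biz".
def hosts_under(suffix, names)
  want = fqdn_labels(suffix).join('.')
  return [] if want.empty?
  names.select { |n| suffix_tokens(n).include?(want) }
end

# Constructed sample data.
SAMPLE_HOSTS = [
  'myhost.company.com',
  'myhost.company.biz',
  'MyHost.Company.BIZ.',
  'biz.example.com',
  'notbiz'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HOSTS.each { |h| puts "#{h} -> #{reverse_fqdn(h)} #{suffix_tokens(h).inspect}" }
  puts hosts_under('biz', SAMPLE_HOSTS).inspect
end
```

With the reversed field, the same search is a prefix match on `biz.`; with the tokenizer, it is a term match on the token `biz`.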
