Match a IP and add a Name

lueneburger · September 22, 2017, 7:50am

Hi everyone,

short question:

is it possible to match the client_Ip field against a set of ips -> names?

right now i collect my haproxy logs into ES and can see the client_IP without any problem, all IPs are whitelisted, so i need to go on my firewall and look into the list, but it would be easier for other ppl, to see the name of the Partner behind the IP.

maybe someone has an idea?

was first thinking about a script with curl to add the named for each document, but...yea could be madness (index currently only have 3 - 4milion doc. each day)

so maybe something fancy within logstash, that i cant see?

thanks in advance for any idea and help,

Cheers
Dirk

warkolm · September 22, 2017, 7:55am

If you use the translate filter you can do that during ingestion, or you could use the Elasticsearch filter to do a lookup of in an index where you may have that info and do the same thing.

lueneburger · September 22, 2017, 8:03am

Hi @warkolm,

things that i never heard of
will take a look thanks.

system · October 20, 2017, 8:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Match name in Logstash Filter Elasticsearch plugin Logstash	2	387	April 5, 2018
Client ip address Elasticsearch	4	3057	February 13, 2017
Clientip field is not identified by logstash (Solved) Logstash	12	4455	July 6, 2017
I need advice on this new use case - IOC Elasticsearch	4	1410	September 25, 2017
Consider only first IP on apache access log Logstash	3	623	April 14, 2017

Match a IP and add a Name

Related topics