I have logs that includes IP address I want to map IP address to its hostname (eg, AWS ec2) or its organisation.
Just like whatsmyipaddress does. Need suggestions or plugins that can help do this.
I am open to get any of the details - Hostname/ISP/Organisation.
Or basic reverse DNS Lookup will also work
eg (public IP)-
If you are using Logstash, dns filter plugin wil help you.
Thanks for the suggeestion.
I am currently using kibana elastic.
does this support plugin?
How do you load your logs to Elasticsearch?
You can Use an Ingest Pipeline for ASN and Organization
With GeoIP Processor
And configure for ISP / ASN options
PUT _ingest/pipeline/discuss-geoip
{
"processors": [
{
"geoip": {
"ignore_missing": true,
"database_file": "GeoLite2-ASN.mmdb",
"field": "ip",
"target_field": "as",
"properties": [
"asn",
"organization_name"
]
}
}
]
}
POST discuss-index/_doc?pipeline=discuss-geoip
{
"ip": "8.8.8.8"
}
GET discuss-index/_search
results
{
"took" : 104,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 1,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "discuss-index",
"_id" : "ECjEZX4BE6hlKdvwv5MT",
"_score" : 1.0,
"_source" : {
"as" : {
"organization_name" : "GOOGLE",
"asn" : 15169
},
"ip" : "8.8.8.8"
}
}
]
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.