Parsing DNS Logs from GCP Cloud

daniel_a · January 13, 2020, 10:10pm

Is there a parser for the DNS logs in Logstash? I've noticed some of my logs are not being parsed, the ones with multiple lines. This shows up as a single field. How can I parse it?

jsonPayload.rdata	google.com.	299	IN	a	172.217.214.113
                    google.com.	299	IN	a	172.217.214.101
                    google.com.	299	IN	a	172.217.214.138
                    google.com.	299	IN	a	172.217.214.100
                    google.com.	299	IN	a	172.217.214.102
                    google.com.	299	IN	a	172.217.214.139

Badger · January 13, 2020, 11:32pm

If you receive that as a single event and want to extract the 6 entries then you can do it using ruby and scan. See here for an example.

system · February 10, 2020, 11:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing problem - one or more space Logstash	2	743	December 1, 2019
Grok parsing in logstash for Windows DNS Debug Log Logstash	12	1688	January 4, 2022
How to parse DNS log Logstash	1	840	July 26, 2017
Help in Parsing JSON Log File Logstash	2	273	May 16, 2020
Parsing repeated patterns Logstash	7	1975	July 6, 2017

Parsing DNS Logs from GCP Cloud

Related Topics