Hello Guys,
In my config I have a filter to try to replace domain1 with domain2, but I think it doesn't work.
I received, for example, server1.domain1.com and the same server with domain2, and
I don't want to save the same server with 2 different domains.
Please, can anyone check my filter?
Thank you.
filter {
  mutate {
    add_field => { "hostname" => "%{host}" }
    gsub => [ "hostname", "domain1","domain2" ]
  }
  dns {
    action => "replace"
    reverse => ["hostname"]
    add_tag => ["dns_lookup"]
  }
}
You shouldn't assume that the options to mutate are evaluated in the order they're listed. Try splitting the mutate filter in two; one with add_field and one with gsub.
Hello Magnus,
I tried again with this code:
mutate {
  add_field => { "hostname" => "%{host}" }
}
mutate {
  gsub => [ "hostname", "domain1","domain2" ]
}
dns {
  action => "replace"
  reverse => ["hostname"]
  add_tag => ["dns_lookup"]
}
But nothing happened. Is there some way to check my filter with static values and see if the domain is replaced?
Or do you have another filter to replace the domain in hostname?
Thank you.
Please recognize that "nothing happened" is ambiguous. What doesn't happen? The hostname field is never created? The domain name replacement doesn't happen? The DNS lookup doesn't take place? The mutate filters work just fine:
$ cat test.config
input { stdin { codec => json } }
output { stdout { codec => rubydebug { metadata => true } } }
filter {
  mutate {
    add_field => { "hostname" => "%{host}" }
  }
  mutate {
    gsub => [ "hostname", "domain1","domain2" ]
  }
}
$ echo '{"host": "hostname.domain1.com"}' | /opt/logstash/bin/logstash -f test.config
Settings: Default pipeline workers: 8
Logstash startup completed
{
          "host" => "hostname.domain1.com",
      "@version" => "1",
    "@timestamp" => "2016-02-26T14:24:24.925Z",
      "hostname" => "hostname.domain2.com"
}
Logstash shutdown completed
Is it really correct to list hostname in the reverse option? Reverse lookups for hostnames don't make sense.
Sorry, the domain replacement doesn't happen.
I'm going to try with your code.
Thank you.