We are presently using the ELK stack for receiving syslog through Filebeat.
We are receiving logs in Logstash and also in Elasticsearch, but we are not
getting the source IP in our dashboard.
Below is the config file of Logstash:
    input {
      beats {
        port => "5044"
      }
    }

    filter {
      # Parse the syslog line into timestamp, logsource, program, pid and message
      grok {
        match => { "message" => "%{SYSLOGLINE}" }
      }
      # Look up geo data for the address held in the clientip field
      geoip {
        source => "clientip"
      }
    }

    output {
      elasticsearch {
        hosts => [ "192.168.0.105:9200" ]
      }
    }
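An added example pipeline (not part of the question above) showing how the source address has to be extracted into a field before the geoip filter can enrich it: `%{SYSLOGLINE}` yields `timestamp`, `logsource`, `program`, `pid` and `message`, but no `clientip`. The second grok pattern assumes the device writes the address in the message body as `src=<ip>` or `from <ip>`; adjust it to the real log format.

```ruby
input {
  beats {
    port => "5044"
  }
}

filter {
  # Parse the syslog envelope. This produces timestamp, logsource, program,
  # pid and message fields; it does not produce clientip.
  grok {
    match => { "message" => "%{SYSLOGLINE}" }
    overwrite => [ "message" ]
  }

  # Assumption: the source address appears in the message body as
  # "src=203.0.113.10" or "from 203.0.113.10". Capture it as clientip.
  grok {
    match => { "message" => "(?:src=|from )%{IP:clientip}" }
    tag_on_failure => [ "_no_clientip" ]
  }

  # Enrich only when an address was actually captured. Private ranges such
  # as 192.168.0.0/16 are not in the GeoIP database and get the
  # _geoip_lookup_failure tag instead of location data.
  if [clientip] {
    geoip {
      source => "clientip"
      target => "[client][geo]"
    }
  }
}

output {
  elasticsearch {
    hosts => [ "192.168.0.105:9200" ]
  }
}
```

Events tagged `_no_clientip` or `_geoip_lookup_failure` in Kibana tell you which step is failing for a given log source.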