Hi,
I am collecting bind9 logs through Logstash; now I am thinking of using the translation plugin, but my destination field varies and I want that to appear in the logs or get indexed. Can someone please give me any clue, or any idea of a Logstash plugin to achieve this?
Here is what I want to achieve and my dictionary file:
translate {
  field => "query"
  destination => "????????"
  refresh_interval => 200
  dictionary_path => '/etc/logstash/doms.yaml'
}

"0ek.ru": "Glupteba"
"0ev.ru": "emotet"
"0ey.ru": "emotet"
"0g2.ru": "Phishing"
"0ge.ru": "RAT"
"0i4.ru": "Glupteba"
"0iy.ru": "Ramcos"
"0jo.ru": "APT28"