Unable to index one field..please help

Blason · December 2, 2017, 6:13pm

Hi All,

I am using bind log parser to parse the logs and at the same time have created a translate_plugin to create dictionary_path and adding customised field but I am not sure how to index that field using logstash-template.json?

Can someone please help me on this?

translate {
field => "query"
destination => "malicious_domain"
refresh_interval => 20
dictionary_path => '/etc/logstash/isndoms.yaml'
}

I need to Index malicious_domain field; please help me on this!!

Blason · December 2, 2017, 6:20pm

Ok - I guess I did not refresh the index that resolved the issue..

system · December 30, 2017, 6:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Tranlate filter for bind logs but multiple fields Logstash	1	260	August 1, 2018
Set up index for fields created with logstash Logstash	2	829	September 14, 2018
Problem overwriting field using json filter plugin Logstash	4	756	April 5, 2022
Unable to search on a specific field Elasticsearch	6	372	August 21, 2019
Error indexing using xml plugin Logstash	8	3492	April 13, 2020

Unable to index one field..please help

Related topics