Winlogbeats add public IP info

Is there anyway with winlogbeats to get the devices current public IP and add that to the event data?

Hi Philip,

there is probably a way to get this working in the script processor maybe, but for sure no easy way:

Otherwise there might be a way if you use logstash output in winlogbeat and then enrich it using exec input and execute a Powershell script to identify the public IP:

Or you identify this public IP using an external Powershell script that writes from time to time a text file and from winlogbeat you read the content of this file using the script processor and move the content into a field.

That are the possibilities that come to mind.

great thank you, plenty of methods to explore

Sure. Let me know if there are still issues.

