https://stackoverflow.com/questions/22101605
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianWhen your input log to logstash, logstash will create an event and add hostname to the event. Logstash use hostname instead of IP because one server will have several IP. For example, 127.0.0.1, public IP etc. therefore it doesn't know which IP to use. So logstash use hostname.
Logstash, elasticsearch, Kibana, include IP
-
18-10-2022 - |
Question
I have a redis server, logstash indexer server, and an elasticsearch server. How can I have the indexer server or even the shipper servers include the IPs in the log so that it's easier to sort in Kibana? Or is this something that is done in the elasticsearch config?
Solution
OTHER TIPS
Did it. I added this:
filter {
dns {
add_field => [ "IPs", "Logs, from %{host}" ]
}
}
filter {
dns {
type => [ "MESSAGES" ]
resolve => [ "host" ]
action => [ "replace" ]
}
}
Reason why I used a double filter was so that I still was able to keep the hostname after "replace" overwrote the host value to the IP address.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
