Ryfujk

Why is "Captain Marvel" translated as male in Portugal?

What would be Julian Assange's expected punishment, on the current English criminal law?

Was credit for the black hole image misattributed?

Limit for e and 1/e

Problem when applying foreach loop

Can the prologue be the backstory of your main character?

What's the point in a preamp?

What items from the Roman-age tech-level could be used to deter all creatures from entering a small area?

What computer would be fastest for Mathematica Home Edition?

New Order #5: where Fibonacci and Beatty meet at Wythoff

What LEGO pieces have "real-world" functionality?

How to rotate it perfectly?

Why don't the Weasley twins use magic outside of school if the Trace can only find the location of spells cast?

What is the electric potential inside a point charge?

How to colour the US map with Yellow, Green, Red and Blue to minimize the number of states with the colour of Green

Should you tell Jews they are breaking a commandment?

How many spell slots should a Fighter 11/Ranger 9 have?

If A makes B more likely then B makes A more likely"

3 doors, three guards, one stone

Is there folklore associating late breastfeeding with low intelligence and/or gullibility?

How can I make names more distinctive without making them longer?

Estimate capacitor parameters

Autumning in love

Fishing simulator

How to send ip address to logstash using input as “file”?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

3

1

I am sending few logs to logstash central server using another logstash on client as shipper. The input type is "file". The messages are received fine on server but it does not reflect the IP address of the client. It sends the hostname instead in field "@source_host". Is there anything I can do to get IP as a field? Maybe a filter?

Client conf:

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

  }

}



output {

  redis {

    host => "test.example.com"

    data_type => "list"

    key => "logstash"

  }

}

logstash

share|improve this question

asked Feb 26 '13 at 13:13

Aditya PatawariAditya Patawari

916722

bumped to the homepage by Community♦ 10 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  How goes the battle?
  
  – Dan Garthwaite
  Feb 2 '15 at 2:53
  

  
  
  
  

add a comment | 

3

1

I am sending few logs to logstash central server using another logstash on client as shipper. The input type is "file". The messages are received fine on server but it does not reflect the IP address of the client. It sends the hostname instead in field "@source_host". Is there anything I can do to get IP as a field? Maybe a filter?

Client conf:

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

  }

}



output {

  redis {

    host => "test.example.com"

    data_type => "list"

    key => "logstash"

  }

}

logstash

share|improve this question

asked Feb 26 '13 at 13:13

Aditya PatawariAditya Patawari

916722

bumped to the homepage by Community♦ 10 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  How goes the battle?
  
  – Dan Garthwaite
  Feb 2 '15 at 2:53
  

  
  
  
  

add a comment | 

I am sending few logs to logstash central server using another logstash on client as shipper. The input type is "file". The messages are received fine on server but it does not reflect the IP address of the client. It sends the hostname instead in field "@source_host". Is there anything I can do to get IP as a field? Maybe a filter?

Client conf:

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

  }

}



output {

  redis {

    host => "test.example.com"

    data_type => "list"

    key => "logstash"

  }

}

logstash

share|improve this question

asked Feb 26 '13 at 13:13

Aditya PatawariAditya Patawari

916722

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

  }

}



output {

  redis {

    host => "test.example.com"

    data_type => "list"

    key => "logstash"

  }

}

share|improve this question

asked Feb 26 '13 at 13:13

Aditya PatawariAditya Patawari

916722

share|improve this question

asked Feb 26 '13 at 13:13

Aditya PatawariAditya Patawari

916722

asked Feb 26 '13 at 13:13

Aditya PatawariAditya Patawari

916722

asked Feb 26 '13 at 13:13

Aditya PatawariAditya Patawari

916722

2 Answers
2

active

oldest

votes

0

You can use the 'dns' filter to do a reverse lookup, then use it to set the field.
http://logstash.net/docs/1.2.2/filters/dns

share|improve this answer

answered Oct 23 '13 at 16:20

Dan GarthwaiteDan Garthwaite

2,5311427

add a comment | 

0

If the client IP you want is static, then I would suggest you could replace the content @source_host using the mutate filter

E.g. :

filter {

  mutate {

    replace => ["@source_host","xx.xx.xx.xx"]

  }

}

If you just wanted the IP in a field (rather than in @source_host), you could add it in your input:

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

    add_field => ['source_ip','xx.xx.xx.xx']

  }

}

Otherwise, if you really do need to resolve non-static client hostnames, then @Dan Garthwaite's answer is the right one.

share|improve this answer

answered Mar 19 '17 at 10:18

iwaseatenbyagrueiwaseatenbyagrue

3,097718

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f482599%2fhow-to-send-ip-address-to-logstash-using-input-as-file%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

You can use the 'dns' filter to do a reverse lookup, then use it to set the field.
http://logstash.net/docs/1.2.2/filters/dns

share|improve this answer

answered Oct 23 '13 at 16:20

Dan GarthwaiteDan Garthwaite

2,5311427

add a comment | 

0

You can use the 'dns' filter to do a reverse lookup, then use it to set the field.
http://logstash.net/docs/1.2.2/filters/dns

share|improve this answer

answered Oct 23 '13 at 16:20

Dan GarthwaiteDan Garthwaite

2,5311427

add a comment | 

You can use the 'dns' filter to do a reverse lookup, then use it to set the field.
http://logstash.net/docs/1.2.2/filters/dns

share|improve this answer

answered Oct 23 '13 at 16:20

Dan GarthwaiteDan Garthwaite

2,5311427

share|improve this answer

answered Oct 23 '13 at 16:20

Dan GarthwaiteDan Garthwaite

2,5311427

answered Oct 23 '13 at 16:20

Dan GarthwaiteDan Garthwaite

2,5311427

answered Oct 23 '13 at 16:20

Dan GarthwaiteDan Garthwaite

2,5311427

0

If the client IP you want is static, then I would suggest you could replace the content @source_host using the mutate filter

E.g. :

filter {

  mutate {

    replace => ["@source_host","xx.xx.xx.xx"]

  }

}

If you just wanted the IP in a field (rather than in @source_host), you could add it in your input:

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

    add_field => ['source_ip','xx.xx.xx.xx']

  }

}

Otherwise, if you really do need to resolve non-static client hostnames, then @Dan Garthwaite's answer is the right one.

share|improve this answer

answered Mar 19 '17 at 10:18

iwaseatenbyagrueiwaseatenbyagrue

3,097718

add a comment | 

0

If the client IP you want is static, then I would suggest you could replace the content @source_host using the mutate filter

E.g. :

filter {

  mutate {

    replace => ["@source_host","xx.xx.xx.xx"]

  }

}

If you just wanted the IP in a field (rather than in @source_host), you could add it in your input:

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

    add_field => ['source_ip','xx.xx.xx.xx']

  }

}

Otherwise, if you really do need to resolve non-static client hostnames, then @Dan Garthwaite's answer is the right one.

share|improve this answer

answered Mar 19 '17 at 10:18

iwaseatenbyagrueiwaseatenbyagrue

3,097718

add a comment | 

If the client IP you want is static, then I would suggest you could replace the content @source_host using the mutate filter

E.g. :

filter {

  mutate {

    replace => ["@source_host","xx.xx.xx.xx"]

  }

}

If you just wanted the IP in a field (rather than in @source_host), you could add it in your input:

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

    add_field => ['source_ip','xx.xx.xx.xx']

  }

}

Otherwise, if you really do need to resolve non-static client hostnames, then @Dan Garthwaite's answer is the right one.

share|improve this answer

answered Mar 19 '17 at 10:18

iwaseatenbyagrueiwaseatenbyagrue

3,097718

filter {

  mutate {

    replace => ["@source_host","xx.xx.xx.xx"]

  }

}

input {

  file {

    format => "plain"

    path => "/var/log/app/test1.txt"

    type => "start"

    add_field => ['source_ip','xx.xx.xx.xx']

  }

}

share|improve this answer

answered Mar 19 '17 at 10:18

iwaseatenbyagrueiwaseatenbyagrue

3,097718

answered Mar 19 '17 at 10:18

iwaseatenbyagrueiwaseatenbyagrue

3,097718

answered Mar 19 '17 at 10:18

iwaseatenbyagrueiwaseatenbyagrue

3,097718