How to send ip address to logstash using input as "file"?

Question

I am sending few logs to logstash central server using another logstash on client as shipper. The input type is "file". The messages are received fine on server but it does not reflect the IP address of the client. It sends the hostname instead in field "@source_host". Is there anything I can do to get IP as a field? Maybe a filter?

Client conf:

input {
  file {
    format => "plain"
    path => "/var/log/app/test1.txt"
    type => "start"
  }
}

output {
  redis {
    host => "test.example.com"
    data_type => "list"
    key => "logstash"
  }
}

score 0 · Answer 1 · answered Oct 23 '13 at 16:20

0

You can use the 'dns' filter to do a reverse lookup, then use it to set the field. http://logstash.net/docs/1.2.2/filters/dns

answered Oct 23 '13 at 16:20

Dan Garthwaite

2,962
1
19
31

score 0 · Answer 2 · answered Mar 19 '17 at 10:18

If the client IP you want is static, then I would suggest you could replace the content @source_host using the mutate filter

E.g. :

filter {
  mutate {
    replace => ["@source_host","xx.xx.xx.xx"]
  }
}

If you just wanted the IP in a field (rather than in @source_host), you could add it in your input:

input {
  file {
    format => "plain"
    path => "/var/log/app/test1.txt"
    type => "start"
    add_field => ['source_ip','xx.xx.xx.xx']
  }
}

Otherwise, if you really do need to resolve non-static client hostnames, then @Dan Garthwaite's answer is the right one.

How to send ip address to logstash using input as "file"?

2 Answers2