stackoom
  简体   繁体   中英

Logstash, elasticsearch, Kibana, include IP

 原文  2014-02-28 17:12:27       redis/ elasticsearch/ logstash/ indexer/ kibana

Question

I have a redis server, logstash indexer server, and an elasticsearch server. How can I have the indexer server or even the shipper servers include the IPs in the log so that it's easier to sort in Kibana? Or is this something that is done in the elasticsearch config?

2 answers

solution1
 2 ACCPTED  2014-03-01 01:43:47

When your input log to logstash, logstash will create an event and add hostname to the event. Logstash use hostname instead of IP because one server will have several IP. For example, 127.0.0.1, public IP etc. therefore it doesn't know which IP to use. So logstash use hostname.

solution2
 2  2014-03-03 19:34:07

Did it. I added this: 

filter {
   dns {
      add_field => [ "IPs", "Logs, from %{host}" ]
     }
}

filter {
   dns {
      type => [ "MESSAGES" ]
      resolve => [ "host" ]
      action => [ "replace" ]
     }
}

Reason why I used a double filter was so that I still was able to keep the hostname after "replace" overwrote the host value to the IP address.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Logstash - ElasticSearch - Kibana :: delay of 10 or more seconds logstash with elasticsearch_http Distributed logstash + redis + elasticsearch setup Logstash + Elasticsearch failover locally or retry Logstash input plugin: Redis vs Elasticsearch Handling RACE CONDITION in Docker containers of a django app which include postgres,nginx,celery,redis,elasticsearch Dockerize Logstash, Redis setup Using redis with logstash redis - logstash - influxdb datatransfer Logstash Redis Input connection refused
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM