Operate on message field other than "source" #1
Comments
|
+1, I think this would be great. |
|
+1 as well. It would be awesome to have DNS lookip on IIS logs where we have a field like "HTTPclientIp":"10.0.0.1" |
|
It's most likely that this will be implemented in the message pipeline processors, see Graylog2/graylog-plugin-pipeline-processor#27 |
|
Where are the source field? i think i don't have it, any results over another filed different thank source? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Would it be possible to make this plugin configurable to look at a field in the message other than source?
Assuming "dns_resolver_run_before_extractors=false" is set, the extractors would run first and create many other fields in the messages. It would be great to be able to configure this plugin to look at one or more fields created by the extractors, which contain IP addresses, and do an RDNS on those. This plugin could then be used to do RDNS on IPs in firewall log messages, rather than just on the IP of the device sending the message to Graylog.
I unfortunately cannot contribute to this as I don't have much in the way of Java skills, but it would be really cool if it could be done.
The text was updated successfully, but these errors were encountered: