Is there a way to enrich log data with local DNS names for a specific field? An example field is orig_h, which has an IP address in it. I would like to be able to grab an internal DNS name if one exists within a pipeline rule-set.
Regards,
Brandon
Hej @alias454
You would need to build your own pipeline function for that - currently this is not possible with vanilla Graylog.
I’m not a programmer but maybe you can point me in the right direction. Where would I start with something like this?
It also appears there is some work being discussed? Related: https://github.com/Graylog2/graylog-plugin-pipeline-processor/issues/27
How to write your own pipeline function is described in this blog post.
And yes, in the linked feature issue this is discussed, but currently not implemented.
I was hoping maybe there was an ETA on this feature but since there doesn’t appear to be, I guess I’ll give it a go. I have read those docs before so I will see if I can make my way through them.