How to add IP address to Stream using lookup table


1. Hello Everyone,

Just wanted to check how can we add assets IP (Address) to Graylog Stream?

There are basically two ways of adding an IP address to a Stream

1. Stream Rule Based (Stream --> Manage Rule -->Add Stream Rule (field: gl2_remote_ip (enter_IP_which_you_want_to_add_to_stream))) --> Save
2. Lookup table based -- Can anyone share what is the method of adding IP address to a Stream using lookup table.



2. : We have 4 GL HA, 10 ES HA, & 3 Mongo in Replica Set

  • OS Information: RHEL 7

  • Package Version: Graylog 4.0.15

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?


Are you looking for the DNS lookup table? More info in docs here

Hello @aali94

Adding on, but I’m not sure what you want to do.
Here is an example.
Adding Stream rule with IP Address.


As for a lookup table, I have used it on my Input/s. I haven’t used the DNS Lookup as @tmacgbay stated above.

Or you can use “source field” with FQDN

@tmacgbay :

I am looking to set up a DNS lookup table.

I have created the lookup table following the instructions, the link which you shared (Data Adaptor, Cache, Lookup table).

I think next step is

Cluster Global API → System/Lookup : Lookup tables → Show → GET

But I am not sure how this adaptor is getting mapped with Stream ID.


This method of adding IP address to Stream puts more load on the system, therefore Graylog recommends to follow Data Adaptor based addition.

Can you be more descriptive of what you want? How are you figuring out what IP to put into the message fields? Do you want to translate the source field to a separate source_IP field based on the DNS table?

