Pull IP address

shotarry · September 10, 2021, 11:30am

Hello folks,

I’m using Graylog 4.0.5+d95b909, I’m trying to build monitoring system via slack, I managed to display full message, source hostname and also I need IP address, where I need your experience. I tried various variable with no luck. As per checking there is no IP address in message but when I search IP address in graylog it shows logs and also hostname of device.

Any suggestion where I should find IP address to insert variable in alert?

At this moment it looks like this :

[Event Definition]
Title: ${event_definition_title}
Device source : ${foreach backlog message}${message.source}${end}
Source IP : ${foreach backlog message}${message.ip}${end}
Full message : ${foreach backlog message}${message.message}${end}

shoothub · September 10, 2021, 12:02pm

Hi @shotarry
if there is no IP address in message from where do you want to extract it? Do you want to use IP address of sending device?

If so, you can use graylog’s internal field gl2_remote_ip which contains source IP address of sending device, so IP address of the sending server.

Source IP : ${foreach backlog message}${message.fields.gl2_remote_ip}${end}

shotarry · September 10, 2021, 2:14pm

yes, that’s what i needed,

Thanks a lot, you are truly hero

system · September 24, 2021, 2:14pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to find ip address of the source Graylog Central (peer support)	6	11771	November 2, 2018
Extract raw source IP from message? Graylog Central (peer support)	2	1966	April 21, 2017
Syslog input without source ip Graylog Central (peer support)	4	5586	February 2, 2018
FQDN or IP address Graylog Central (peer support)	2	877	May 2, 2018
Search by source IP Graylog Central (peer support)	4	7128	December 4, 2018

Pull IP address

Related topics