Can filter set dictionary matching in logstash? (similar to GeoIP)

problem description

there is a requirement to get the accessed domain name / IP from the log and want to match the type and Chinese name of the website in filter.
the type and Chinese name of the website are stored in a database file, just like a dictionary, the fields that add the type and name of the site are left blank.

for example, if the domain name of the visited website collected from the log is: www.baidu.com, you can set the matching website database in filter, and the matching result is: website type: search category, site name: Baidu search, then add the field of "site type: search category, site name: Baidu search" in the field.

this requirement is very similar to GeoIP. Matching longitude, latitude, region, and other information from an IP address is also based on a database file.

Elk logstash elasticsearch kibana filebeat

Apr.07,2022

write your own filter plugin

or curve salvation
install rest filter
https://github.com/lucashenni...
store the data in the database, then develop an interface for rest, and the logstash plug-in reads the data of this interface

Previous: Mysql grouping statistics counts all the recharge amounts under each agent

Next: Flask-migrate always has a card owner when upgrading the database. What should I do?

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b2b73d-2b2eb.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b2b73d-2b2eb.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?