1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash)
1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash/)
2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
3. copy "dns" to "/etc/logstash/patterns/"
3. copy "dns" to "/etc/logstash/patterns/"
4. restart logstash
4. restart logstash
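Review bot: step 1 is still ambiguous about the destination after the trailing-slash change. The file comes from "/conf.d/" in the repository but is sent to "/etc/logstash/", while package installs of Logstash load pipeline files from "/etc/logstash/conf.d/" by default, so a reader following the step literally can end up with a config that is never loaded. Suggest spelling out the full target, for example: copy "/conf.d/20-dns-syslog.conf" to "/etc/logstash/conf.d/". It would also help to say in step 3 that "/etc/logstash/patterns/" has to be the patterns directory the grok filter in that config points at.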
...
@@ -47,8 +47,3 @@ The result will look like this:
...
@@ -47,8 +47,3 @@ The result will look like this:
You should then be able to see your new dashboard and visualizations.
You should then be able to see your new dashboard and visualizations.
credits to [skaldenhoven](https://github.com/skaldenhoven) who contributed quiet some nice details to the configuration and parsing logic as well as troubleshooting and testing!
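Review bot: the credits line at the end of this hunk has a typo: "quiet some nice details" should read "quite some nice details". The hunk header shows this section going from 8 lines to 3, so if the credit to skaldenhoven is among the lines being dropped, say so in the commit message or keep the attribution elsewhere in the README.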