I am sending logs from my node to logstash using file beat. There are multiple such a kind of nodes who are sending logs to logstash using file beat.
Basically I want to know the public IP address of my node so that I can plot a visualization in KIBANA with geoip based location.
And as my node is behind NAT, I can't print IP address as part of my log entry (eg., syslog entry); because locally I know only private IP of the node.
Is there any way that logstash can automatically know my node's IP address and insert it as a elastic search field?
Theoretically it should be possible as when logstash gets the information from beats, he should be knowing the IP address from where he is getting that.
Thanks in advance.
It is not possible with the current Logstash Beats input to configure it to enrich incoming events with the remote IP from which the event was received.
This feature was proposed in the past for the older Logstash Lumberjack input, but there isn't an open feature request for this in the Beats input. I suggest you request it.