- Journalbeat Reference for 6.5-7.15:
Registered Domain

The `registered_domain` processor reads a field containing a hostname and then writes the "registered domain" contained in the hostname to the target field. For example, given `www.google.co.uk` the processor would output `google.co.uk`. In other words the "registered domain" is the effective top-level domain (`co.uk`) plus one level (`google`).

This processor uses the Mozilla Public Suffix list to determine the value.

```yaml
processors:
  - registered_domain:
      field: dns.question.name
      target_field: dns.question.registered_domain
      ignore_missing: true
      ignore_failure: true
```

The `registered_domain` processor has the following configuration settings:

Table 1. Registered Domain options

| Name | Required | Default | Description |
|---|---|---|---|
| `field` | yes | | Source field containing a fully qualified domain name (FQDN). |
| `target_field` | yes | | Target field for the registered domain value. |
| `ignore_missing` | no | false | Ignore errors when the source field is missing. |
| `ignore_failure` | no | false | Ignore all errors produced by the processor. |
| `id` | no | | An identifier for this processor instance. Useful for debugging. |
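
The "effective top-level domain plus one level" rule described above, as an added example that is not part of the Journalbeat documentation or the processor's own code: a small Public Suffix List matcher in Python that goes beyond the `co.uk` case to cover wildcard and exception rules, then counts distinct query names per registered domain. The rule subset, the function names and the sample query names are constructed for illustration.

```python
from collections import defaultdict

# Constructed subset of Public Suffix List rules (the real list has thousands).
# "*." is a wildcard rule, "!" marks an exception to a wildcard rule.
RULES = {"com", "uk", "co.uk", "*.ck", "!www.ck"}

def public_suffix_len(labels):
    """Return how many trailing labels of the name form its public suffix."""
    best = 1  # implicit default rule "*": the last label alone is the suffix
    for n in range(1, len(labels) + 1):
        tail = labels[-n:]
        if "!" + ".".join(tail) in RULES:
            return n - 1  # exception rule wins; suffix is the rule minus its first label
        if ".".join(tail) in RULES or ".".join(["*"] + tail[1:]) in RULES:
            best = n  # n only grows, so the longest matching rule is kept
    return best

def registered_domain(hostname):
    """Return the public suffix plus one label, or None if there is none."""
    labels = hostname.rstrip(".").lower().split(".")
    if "" in labels:
        return None  # empty name or empty label ("a..b")
    n = public_suffix_len(labels)
    if len(labels) <= n:
        return None  # the name is itself a public suffix, e.g. "co.uk"
    return ".".join(labels[-(n + 1):])

def names_per_registered_domain(queries):
    """Count distinct query names under each registered domain."""
    seen = defaultdict(set)
    for q in queries:
        rd = registered_domain(q)
        if rd is not None:
            seen[rd].add(q.rstrip(".").lower())
    return {rd: len(names) for rd, names in seen.items()}

# Constructed sample of DNS question names (not real log data).
SAMPLE = ["www.google.co.uk", "mail.google.co.uk", "WWW.Google.co.uk.",
          "a1.t.example.com", "b2.t.example.com", "co.uk", "www.ck"]

if __name__ == "__main__":
    for name in SAMPLE:
        print(name, "->", registered_domain(name))
    print(names_per_registered_domain(SAMPLE))
```

A name that is itself a public suffix has no registered domain, which is why the matcher returns `None` for `co.uk` rather than a value.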