mrlesmithjr/logstash_source_host_ip.conf

## logstash_source_host_ip.conf
filter {
  if ![source_host_ip] and "_grokparsefailure" not in [tags] {
    mutate {
      add_field => [ "source_host_ip", "%{host}" ]
    }
    dns {
      resolve => [ "source_host_ip" ]
      action => "replace"
    }
    if [source_host_ip] == "127.0.1.1" {
      mutate {
        update => [ "source_host_ip", "" ]
      }
    }
    mutate {
      add_field => [ "resolve_hostname", "%{source_host_ip}" ]
    }
    dns {
      reverse => [ "resolve_hostname" ]
      action => "replace"
    }
    mutate {
      replace => [ "host", "%{resolve_hostname}" ]
    }
  }
}
	filter {
	if ![source_host_ip] and "_grokparsefailure" not in [tags] {
	mutate {
	add_field => [ "source_host_ip", "%{host}" ]
	}
	dns {
	resolve => [ "source_host_ip" ]
	action => "replace"
	}
	if [source_host_ip] == "127.0.1.1" {
	mutate {
	update => [ "source_host_ip", "" ]
	}
	}
	mutate {
	add_field => [ "resolve_hostname", "%{source_host_ip}" ]
	}
	dns {
	reverse => [ "resolve_hostname" ]
	action => "replace"
	}
	mutate {
	replace => [ "host", "%{resolve_hostname}" ]
	}
	}
	}