mrlesmithjr/gist:5418614c89ae8c96da0f

## gistfile1.txt
# Add src_ip if not already found
filter {
        if [type] == "syslog" {
                if [src_ip] == "" {
                        mutate {
                                add_field => [ "src_ip", "%{syslog_hostname}" ]
                        }
                        dns {
                                resolve => [ "src_ip" ]
                                action => "replace"
                        }
                }
        }
}
	# Add src_ip if not already found
	filter {
	if [type] == "syslog" {
	if [src_ip] == "" {
	mutate {
	add_field => [ "src_ip", "%{syslog_hostname}" ]
	}
	dns {
	resolve => [ "src_ip" ]
	action => "replace"
	}
	}
	}
	}