Now, there's a catch. Be aware that I have trouble with this approach in 8.17.3. Here's my configuration:

      mutate {
        copy => { "[haproxy][http][request][http_host]" => "[srv][server_ip]" }
      }

      dns {
        resolve => "[srv][server_ip]"
        action => "replace"
      }

The whole [haproxy][http]… array is created with my own customised grok filter earlier in the configuration. And this gives me error:

DNS filter could not resolve missing field {:field=>"[srv][server_ip]"}

It seems that dns filter (and split and others…) do not work on fields I created earlier with grok filter. It works only on fields that come in the original request.