i want use add_kubernetes_metadata for both source.ip and destination.ip but it just add source.ip information in kubernetes.pod.name and .... and i dont have any data from destinatio.ip.
i use rename like this and problem solved.
- add_kubernetes_metadata:
in_cluster: true
scope: cluster
matchers:
- fields:
lookup_fields:
- source.ip
- rename:
fields:
- from: kubernetes
to: source.kubernetes
ignore_missing: true
fail_on_error: false
- add_kubernetes_metadata:
in_cluster: true
scope: cluster
matchers:
- fields:
lookup_fields:
- destination.ip
- rename:
fields:
- from: kubernetes
to: destination.kubernetes
ignore_missing: true
fail_on_error: false