I want to enrich incoming ECS-compatible documents with a tag if they come from VPN IPs.
From my testing, the enrich processor cannot deal with IP-ranges. However, I want to use IP-ranges and not manually (or by a script) spell out thousands of IPs for the enrich policy. What's the best strategy to achieve this?
Ah thanks, that's a good idea I hadn't thought of before.
I think I'd rather wait for the enrich processor to support other datatypes though. Since I'm only using the vpn-tag for one watcher use-case, I'll just use the terms query for now (it supports searching for CIDR-strings against IP fields).
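The terms-query approach mentioned in the last post, as an added example that is not part of the original thread: it validates a list of VPN CIDR ranges, collapses overlapping ones, and builds the query body. The field name `source.ip` (the ECS source address field) and the ranges themselves are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample ranges (documentation prefixes), not real VPN ranges.
VPN_RANGES = ["203.0.113.0/24", "203.0.113.128/25", "198.51.100.0/25",
              "198.51.100.128/25", "2001:db8:10::/48"]


def normalize_ranges(cidrs):
    """Validate CIDR strings and collapse overlapping or adjacent ranges."""
    # strict=True rejects entries with host bits set, e.g. "203.0.113.5/24".
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    collapsed = []
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        same = [n for n in nets if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in collapsed]


def vpn_terms_query(cidrs, field="source.ip"):
    """Build a search body matching documents whose IP field is in any range."""
    # Assumes `field` is mapped as type `ip`, so CIDR strings are accepted as terms.
    return {"query": {"bool": {"filter": [
        {"terms": {field: normalize_ranges(cidrs)}}
    ]}}}


def is_vpn(ip, cidrs):
    """Local check mirroring the query, to test the range list offline."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in normalize_ranges(cidrs))


if __name__ == "__main__":
    print(json.dumps(vpn_terms_query(VPN_RANGES), indent=2))
```

The printed body can be used as the search request of a watch input or pasted into a search against the index holding the ECS documents.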