I have a configuration file for filtering documents from the specific IP-addresses. Also, it adds or changes some fields in the documents. This file uses regular expressions and mutate plugin. For input it uses netflow plugin. I want to transform this configuration file to be able to do the same using cidr plugin (without regular expressions). But when I do this, logstash misses a lot of documents it needs to process (say, with regexps I receive 40000 documents while using cidr I receive only 10000 documents). What can be the cause of such weird behavior?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.