CIDR filter detect which ip matched

Elastic Stack Logstash
1

hey guys :slight_smile:

i wonder if it is possible to set a tag within the cidr filter depending on what ip (src or dst) matched the network.
this is my code so far.

cidr {
                address => [ "%{src_ip}", "%{dst_ip}" ]
                network => ['10.1.1.0/24']
                add_tag => [ 'match_src' ]
            }

So basically, i want the tag "match_src" if the source ip matched the network and "matched_dst" if the destination ip matched the network.
Is this possible? I know i could just use the cidr code 2 times, but i am worried about performance, since a large set of data will run through the filter.

many thanks in advance!!

2

I looked at the code, unfortunately, the CIDR filter does not have this functionality. Two filters is your only option.

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.