CIDR filter detect which ip matched

freki · July 31, 2019, 7:26am

hey guys

i wonder if it is possible to set a tag within the cidr filter depending on what ip (src or dst) matched the network.
this is my code so far.

cidr {
                address => [ "%{src_ip}", "%{dst_ip}" ]
                network => ['10.1.1.0/24']
                add_tag => [ 'match_src' ]
            }

So basically, i want the tag "match_src" if the source ip matched the network and "matched_dst" if the destination ip matched the network.
Is this possible? I know i could just use the cidr code 2 times, but i am worried about performance, since a large set of data will run through the filter.

many thanks in advance!!

guyboertje · July 31, 2019, 8:43am

I looked at the code, unfortunately, the CIDR filter does not have this functionality. Two filters is your only option.

system · August 28, 2019, 8:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash CIDR Plugin not working Logstash	2	257	November 15, 2021
Logstash CIDR Filter : create new field with matched network Logstash	3	860	April 2, 2021
Using cidr plugin for tagging logs Logstash	28	7067	February 24, 2017
Logstash CIDR network range Logstash	2	237	November 5, 2020
Does logstash-filter-cidr support mutiple address match like if condition Logstash	1	348	December 5, 2019

CIDR filter detect which ip matched

Related Topics