I have round about 1500 subnets, with masks from /18 to /29, but mainly /24 networks.
I tried to use the cidr logstash filter plugin but the pipeline then come not up. i think because the pipeline is too big and there are too many checks.
How to archive the target?
I want to add a field with cidr notation from a source.ip field.
Example:
I know there is an 10.0.0.0/24 network. If a see Traffic from 10.0.0.221 a field source.network should be added with content "10.0.0.0/24".
Anyone have a solution for this?