Hey guys, I'm hoping this is an issue on my end rather than an issue with the CIDR filter, but I'm seeing a lot of logstash errors in my CIDR filter relating to certain IP addresses:
[WARN ][logstash.filters.cidr ] Invalid IP address, skipping {:address=>"%{src}", :event=>#<LogStash::Event:0x54e98d7f>}
My current code relating to that portion is:
cidr {
address => [ "%{src}" ]
network_path => "/etc/tables/networks"
add_field => { "source.internal" => true }
}
mutate {convert => {"source.internal" => "boolean"}}
All the addresses that are triggering the warning are IP6 addresses such as:
2001:2:0:aab1:d94a:844b:7604:ddde
2620:12b:d000:400::1fc5
I'm showing those IP addresses as valid, is there something I'm missing?
Thanks!