CIDR filter reports IP6 addresses as invalid

daniel.dayley · September 10, 2019, 6:51pm

Hey guys, I'm hoping this is an issue on my end rather than an issue with the CIDR filter, but I'm seeing a lot of logstash errors in my CIDR filter relating to certain IP addresses:

[WARN ][logstash.filters.cidr    ] Invalid IP address, skipping {:address=>"%{src}", :event=>#<LogStash::Event:0x54e98d7f>}

My current code relating to that portion is:

cidr {
           address => [ "%{src}" ]
           network_path => "/etc/tables/networks"
           add_field => { "source.internal" => true }
}
mutate {convert => {"source.internal" => "boolean"}}

All the addresses that are triggering the warning are IP6 addresses such as:

2001:2:0:aab1:d94a:844b:7604:ddde
2620:12b:d000:400::1fc5

I'm showing those IP addresses as valid, is there something I'm missing?
Thanks!

Badger · September 10, 2019, 7:15pm

This works for me.

input { generator { count => 1 lines => [ '' ] } }
filter {
    mutate { add_field => { "src" => "2001:2:0:aab1:d94a:844b:7604:ddde" } }
    cidr { address => "%{src}" add_field => { "source.internal" => true } network => "2001:2:0::/48" }
}
output { stdout { codec => rubydebug { metadata => false } } }

Are you sure that is the value of your [src] field? Leading or trailing blanks would cause that failure.

It would have been nice if the filter logged the address after it has been sprintf'd.

Topic		Replies	Views
Cidr Plugin - Warn and skipping data... Missing Data Logstash	4	810	August 26, 2020
Cidr plugin just generate warnings Logstash	6	1222	September 10, 2018
Cidr filter will not accept ipv6 loopback addresses Logstash	1	483	May 23, 2020
Logstash filter cidr error Logstash	11	4008	March 7, 2017
CIDR filter network_path error Logstash	4	597	March 24, 2019

CIDR filter reports IP6 addresses as invalid

Related topics