CIDR filter reports IP6 addresses as invalid

daniel.dayley · September 10, 2019, 6:51pm

Hey guys, I'm hoping this is an issue on my end rather than an issue with the CIDR filter, but I'm seeing a lot of logstash errors in my CIDR filter relating to certain IP addresses:

[WARN ][logstash.filters.cidr    ] Invalid IP address, skipping {:address=>"%{src}", :event=>#<LogStash::Event:0x54e98d7f>}

My current code relating to that portion is:

cidr {
           address => [ "%{src}" ]
           network_path => "/etc/tables/networks"
           add_field => { "source.internal" => true }
}
mutate {convert => {"source.internal" => "boolean"}}

All the addresses that are triggering the warning are IP6 addresses such as:

2001:2:0:aab1:d94a:844b:7604:ddde
2620:12b:d000:400::1fc5

I'm showing those IP addresses as valid, is there something I'm missing?
Thanks!

Badger · September 10, 2019, 7:15pm

This works for me.

input { generator { count => 1 lines => [ '' ] } }
filter {
    mutate { add_field => { "src" => "2001:2:0:aab1:d94a:844b:7604:ddde" } }
    cidr { address => "%{src}" add_field => { "source.internal" => true } network => "2001:2:0::/48" }
}
output { stdout { codec => rubydebug { metadata => false } } }

Are you sure that is the value of your [src] field? Leading or trailing blanks would cause that failure.

It would have been nice if the filter logged the address after it has been sprintf'd.

system · October 8, 2019, 7:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter cidr error Logstash	11	3938	March 7, 2017
Cidr filter will not accept ipv6 loopback addresses Logstash	1	450	May 23, 2020
Cidr plugin just generate warnings Logstash	6	1170	September 10, 2018
Invalid IP network, skipping {:network=>"10.13.7.0/10.13.7.24" Logstash	2	645	January 7, 2020
Logstash CIDR Plugin not working Logstash	2	257	November 15, 2021

CIDR filter reports IP6 addresses as invalid

Related topics