Cidr plugin just generate warnings

Hello. I've got a trouble with cidr plugin. Im trying to use it this way:

if ([maliciousIP] == 'false' and [target_host]=~ /^([0-9]{1,3}.){3}([0-9]{1,3})/)
address => ["%{target_host}"]
network_path => '/etc/logstash/conf.d/ipblacklists/subnets.yaml'
add_field => { "DangerousSubnet" => "true" }

but i only got

[WARN ][logstash.filters.cidr ] Invalid IP address, skipping {:address=>"%{target_host}"

in my logs and field DangerousSubnet not added.
Whats wrong?

the question is still relevant

this question is not an Elasticsearch question, so I moved it over to the Logstash forum. Hopefully you will get an answer there.

Have you verified the field content of that address? What is it?

The field was not added because the filter did not successfuly complete. Decoration only happens when a filter succeeds.

The message you are getting suggests the field does not exist, so the field substitution does not occur. How that condition could test true if the field does not exist is beyond me.

Content is ip addresses from dns logs. Like '' etc.
Field added in config before

Oh. Sorry, im blind. I incorrectly used the dns plugin, and therefore I do not have an address in this field.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.