Hi All,
Will I be able to match my ip address to subnets ,i know we can use CIDR ,but I have around 800 subnets is there any way I can match the ip addresses with that using translate and CIDR together .
I want to match my source ip and destination ip , to the csv file which I have for 800 subnets with location details.
Any help would be appreciable and useful for me
Thank you in Advance
Raj
Any help pls 
I'm pretty sure you can do this very easy.
lets's say you have a subnet 192.168.0.0-192.168.0.255 called Home.
You should have a field IPSource that reads the ip from the message.
then use an if in your output:
if "192.168.0.*" in [IPSource]{
subnet => "Home"
}
Thank you so much for the reply ,but i have 800 unique subnets with different location names, is it only way to hard code each every subnets?
If I were you I would just read both files in and then match them in elasticsearch. I think elasticsearch is beter fit to solve this problem.
77.72.127.96/29 25 home
67.72.107.88/29 25 home2
52.211.247.96/27 home3
47.72.84.0/27 home4
31.161.152.0/24 home5
27.73.110.0/23 home6
Something like this if i get a source ip in 77.72.127.97 in my logs, i should get a field name called home
Any sugesstions ?
I'm also a beginner I just started using ELK since 1 week so I can't just give you the answer but I can help looking
This looks pretty usefull. Just take your time and look some more into elasticsearch I'm pretty sure you can find the solution in less then a day
Thank you
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.