Hi,
I am sending JSON formatted logs to my 5.4 Logstash.
I am using Json Filter Plugin.
One of the JSON fields is Source_IP, the point is that Source_IP field is coming as decimal long number like "3105947710" (which in ipv4 fomat means 185.33.0.62).
so eventually i am getting this JSON property:
"Source_IP": "3105947710"
I tried to use some "ruby code => " functions i found here in the forum but all came back with ruby error exceptions.
is there any way or logstash filter to convert this decimal IP address "3105947710" to IP4V dotted format "185.33.0.62"
I tired those methods but with no help, maybe i write somthing wrong:
ruby {
code => 'event["ip_as_dotted_quad"] = [event["your_field_here"].to_i].pack("N").unpack("C4").join(".")'
}ruby {
code => "require 'ipaddr' decimalip = event['Source_IP'].abs event['ip'] = IPAddr.new(decimalip,Socket::AF_INET).to_s"
}
eventually i want to send and store in my elasticsearch index only the IPv4 dotted adresses converted.
thanks for the help