Hi all !
Im creating new fields from netflow information, for example get the ipaddres and resolve the hostname into another field.
mutate {
add_field => { "IPAddress" => "%{host}" }
add_field => { "Hostname" => "%{host}" }
}
dns {
nameserver => ["8.8.8.8"]
reverse => ["Hostname"]
action => replace
}
But when I do an "add_field => { "protocol_name" => "%{protocol}" }" from the protocol field, dont work, it print
"protocol_name" => "%{protocol}" and not the original value.
should be "protocol_name" => "1"
(in the netflow.yml loof like this
4:
- :uint8
- :protocol
and the output
{
"netflow" => {
"protocol" => 1,
Any idea why I cannot get the value from protocol field ?
Thanks
Diego