Correlating two different feilds from two different indxes

Raj_Kumar · February 7, 2018, 1:05pm

Hi All,

Is it possible to correlate two different fields from two different indexes using logstash using mutate or translate filter?

Like

filter {
 if [netflow][ipv4_src_addr] == [entity_threat] {
  mutate {
    add_tag => "true_src"
       }
    } else {
  if [netflow][ipv4_dst_addr] == [entity_threat] {
  mutate {
    add_tag => "true_dst"
       }
     }
   }

Note: [netflow][ipv4_src_addr] is netflow-* index
and
[entity_threat] is in threat-* index

Please anyone help me to figure this out.

Thanks,
Raj

system · March 7, 2018, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Relating two fields - using translate or mutate Logstash	5	652	March 7, 2018
Correlation of two log (sources) Logstash	7	8033	July 6, 2017
Translate filter Logstash	7	957	July 6, 2017
Field search using Logstash configuration Logstash	1	185	July 15, 2021
Correlating fields between 2 different logs/indices Elasticsearch	2	203	May 15, 2022

Correlating two different feilds from two different indxes

Related topics