Correlating two different feilds from two different indxes

Raj_Kumar · February 7, 2018, 1:05pm

Hi All,

Is it possible to correlate two different fields from two different indexes using logstash using mutate or translate filter?

Like

filter {
 if [netflow][ipv4_src_addr] == [entity_threat] {
  mutate {
    add_tag => "true_src"
       }
    } else {
  if [netflow][ipv4_dst_addr] == [entity_threat] {
  mutate {
    add_tag => "true_dst"
       }
     }
   }

Note: [netflow][ipv4_src_addr] is netflow-* index
and
[entity_threat] is in threat-* index

Please anyone help me to figure this out.

Thanks,
Raj

system · March 7, 2018, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.