I want to add a field {"key" => "value1"}
when the address matches "192.168.1.1/24", add a field {"key" => "value2"}
when the address matches "192.168.2.1/24"..., but according to the reference, I wrote configs like this:
filter {
  cidr {
    add_field => {"key" => "value1"}
    address => ["%{host}", "%{ip}"]
    network => ["192.168.1.1/24"]
  }
}
filter {
  cidr {
    add_field => {"key" => "value2"}
    address => ["%{host}", "%{ip}"]
    network => ["192.168.2.1/24"]
  }
}
...
filter {
  cidr {
    add_field => {"key" => "valueN"}
    address => ["%{host}", "%{ip}"]
    network => ["192.168.N.1/24"]
  }
}
My understanding: all of these filters will process the event.
My aim is that if the address matches rule a, it will not match rule b, like if ... else if ... else ...
Forgive my poor English.
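
An added example, not part of the original post: one way to get if / else if / else behaviour from the cidr filters above is to guard each later rule with a Logstash conditional on the field the earlier rules set, so the first matching network wins. It assumes no event arrives with a `key` field already present; the fallback value "default" is constructed for illustration.

```logstash
filter {
  # Rule 1 is always evaluated. add_field is applied only when one of
  # the addresses falls inside the listed network.
  cidr {
    add_field => { "key" => "value1" }
    address   => ["%{host}", "%{ip}"]
    network   => ["192.168.1.1/24"]
  }

  # Rule 2 runs only if rule 1 did not set [key] ("else if").
  if ![key] {
    cidr {
      add_field => { "key" => "value2" }
      address   => ["%{host}", "%{ip}"]
      network   => ["192.168.2.1/24"]
    }
  }

  # Repeat the same guard for each further network, in priority order.

  # Final "else": no rule matched, so record that explicitly.
  # "default" is a constructed placeholder value.
  if ![key] {
    mutate {
      add_field => { "key" => "default" }
    }
  }
}
```

Without the guards, every cidr block is evaluated for every event, and an address that falls inside two overlapping networks would have `key` added twice, turning it into an array.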