Does logstash-filter-cidr support mutiple address match like if condition

Elastic Stack Logstash
1

I want add a field {"key" => "value1"} when address match "192.168.1.1/24", add a field {"key" => "value2"} when address match "192.168.2.1/24"..., but accord the reference, I wrote configs like this:

filter {
        cidr {
        add_field => {"key" => "value1"}
        address => ["%{host}", "%{ip}"]
        network => ["192.168.1.1/24"]
    }
}

filter {
        cidr {
        add_field => {"key" => "value2"}
        address => ["%{host}", "%{ip}"]
        network => ["192.168.2.1/24"]
    }
}

...

filter {
        cidr {
        add_field => {"key" => "valueN"}
        address => ["%{host}", "%{ip}"]
        network => ["192.168.N.1/24"]
    }
}

my understanding: these all filters will process the event.

my aims is that if address matches rule a, it will not matches rule b. like if ... else if ... else ...

forgive me poor english.

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.