Does logstash-filter-cidr support mutiple address match like if condition

tacyeh · November 7, 2019, 4:20am

I want add a field {"key" => "value1"} when address match "192.168.1.1/24", add a field {"key" => "value2"} when address match "192.168.2.1/24"..., but accord the reference, I wrote configs like this:

filter {
        cidr {
        add_field => {"key" => "value1"}
        address => ["%{host}", "%{ip}"]
        network => ["192.168.1.1/24"]
    }
}

filter {
        cidr {
        add_field => {"key" => "value2"}
        address => ["%{host}", "%{ip}"]
        network => ["192.168.2.1/24"]
    }
}

...

filter {
        cidr {
        add_field => {"key" => "valueN"}
        address => ["%{host}", "%{ip}"]
        network => ["192.168.N.1/24"]
    }
}

my understanding: these all filters will process the event.

my aims is that if address matches rule a, it will not matches rule b. like if ... else if ... else ...

forgive me poor english.

system · December 5, 2019, 4:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CIDR, location lookup in the most efficient way Logstash	3	1352	June 13, 2018
Logstash CIDR Plugin not working Logstash	2	257	November 15, 2021
Cidr plugin just generate warnings Logstash	6	1170	September 10, 2018
CIDR filter reports IP6 addresses as invalid Logstash	2	291	October 8, 2019
Cidr plugin - array fields for address input Logstash	3	582	July 1, 2020

Does logstash-filter-cidr support mutiple address match like if condition

Related topics