Hello!
I need help to exclude an IP# in a rule.
This rule watches for firewall_rejects. I have started with this:
filter:
- regexp:
** ip_address: "^(?!192.168.0.2).*$"**
I do not need alertings or emails from the IP# 192.168.0.2 in this rule, what is to do?
Br,
Martin
This forum is for official Elastic software. For Elastalert I suggest that you try some other discussion forum such as StackOverflow or maybe ask the authors directly.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.