ElastAlert rule - exclude IP#


(Martin) #1

Hello!
I need help to exclude an IP# in a rule.

This rule watches for firewall_rejects. I have started with this:

filter:
- regexp:
    ip_address: "^(?!192.168.0.2).*$"

I do not need alerts or emails from the IP# 192.168.0.2 in this rule. What should I do?

Br,
Martin
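
One way to write the exclusion, as an added example that is not part of the original post or of the ElastAlert project: Elasticsearch `regexp` queries use Lucene regular expressions, which have no lookahead support, so `(?!...)` cannot express "everything except this address"; a negated `query_string` filter on the same field does. The rule name, index pattern and e-mail address are placeholders; `ip_address` is the field name from the post.

```yaml
# Added example rule. Name, index and recipient are placeholders, not values from the thread.
name: firewall_rejects_excluding_one_host   # hypothetical rule name
type: any
index: firewall-*                           # assumed index pattern

filter:
# Form from the question, kept commented out for comparison.
# Lucene regexp has no (?!...) lookahead, and the unescaped dots
# would match any character rather than a literal ".".
# - regexp:
#     ip_address: "^(?!192.168.0.2).*$"

# Exclusion by negation: match every document whose ip_address
# is not exactly 192.168.0.2. The quotes make it an exact value match.
- query:
    query_string:
      query: 'NOT ip_address:"192.168.0.2"'

alert:
- email
email:
- "soc@example.com"                         # placeholder recipient
```

Any other filters that select the firewall reject events stay in the same `filter:` list; all entries are combined, so the exclusion narrows whatever they match.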


(Thiago Souza) #2

This forum is for official Elastic software. For ElastAlert I suggest that you try some other discussion forum such as StackOverflow or maybe ask the authors directly.

