Hello!
I need help to exclude an IP# in a rule.
This rule watches for firewall_rejects. I have started with this:
filter:
- regexp:
** ip_address: "^(?!192.168.0.2).*$"**
I do not need alertings or emails from the IP# 192.168.0.2 in this rule, what is to do?
Br,
Martin
This forum is for official Elastic software. For Elastalert I suggest that you try some other discussion forum such as StackOverflow or maybe ask the authors directly.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.