I am still new and working to figure out how to use elasticsearch correctly to do what I want. I have been able to write some queries to get some information about all of the traffic on our network, but now I would like to filter out anything that is internal and only show internet traffic.
Currently I am set up as follows:
ASA firewall -> ELK (via Netflow)
What is the proper way to exclude 10.0.0.0/4, 172.16.0.0/12 and 192.168.0.0/16 from the rest of the traffic? I'm sure it's simple and I am just going about it all wrong.
Brad
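One way to express this exclusion, as an added example rather than anything from the original post: Elasticsearch accepts CIDR notation in a `term` query against an `ip`-mapped field, so each private range becomes one term and a `must_not` wraps the "both endpoints private" condition. The script also applies the same logic locally to a few constructed flow records so the query's intent can be checked. Assumptions: the Logstash netflow codec field names `netflow.ipv4_src_addr` / `netflow.ipv4_dst_addr` (adjust to your mapping), the standard RFC 1918 ranges including `10.0.0.0/8`, and that "internal" means both ends of a flow are private, since excluding every flow with a private source would also drop all outbound traffic.

```python
import ipaddress

# Assumed field names (Logstash netflow codec style); adjust to your index mapping.
SRC_FIELD = "netflow.ipv4_src_addr"
DST_FIELD = "netflow.ipv4_dst_addr"

# RFC 1918 private space, assumed to be what "internal" means here.
PRIVATE_CIDRS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
PRIVATE_NETS = [ipaddress.ip_network(c) for c in PRIVATE_CIDRS]


def is_private(ip):
    """True if the address falls inside any RFC 1918 range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def is_internet_flow(src, dst):
    """A flow counts as internet traffic when at least one endpoint is
    outside private space; only flows with both ends private are internal."""
    return not (is_private(src) and is_private(dst))


def build_query():
    """Elasticsearch bool query that drops internal-to-internal flows.
    A term query on an ip-mapped field accepts CIDR notation, so each range
    is one term; must_not wraps the 'both sides private' condition."""
    src_private = [{"term": {SRC_FIELD: c}} for c in PRIVATE_CIDRS]
    dst_private = [{"term": {DST_FIELD: c}} for c in PRIVATE_CIDRS]
    both_private = {"bool": {"must": [
        {"bool": {"should": src_private, "minimum_should_match": 1}},
        {"bool": {"should": dst_private, "minimum_should_match": 1}},
    ]}}
    return {"query": {"bool": {"must_not": [both_private]}}}


# Constructed sample flows standing in for netflow records from the ASA.
SAMPLE_FLOWS = [
    {"src": "192.168.1.10", "dst": "93.184.216.34"},  # outbound to internet
    {"src": "10.0.0.5", "dst": "192.168.1.10"},       # internal only
    {"src": "203.0.113.7", "dst": "172.16.4.2"},      # inbound from internet
    {"src": "172.16.4.2", "dst": "172.31.0.9"},       # internal only
]


def filter_internet(flows):
    """Local equivalent of the query, useful to sanity-check the logic."""
    return [f for f in flows if is_internet_flow(f["src"], f["dst"])]
```

Pass the dict from `build_query()` as the request body of a `_search` call, or paste its `query` part into the Kibana query editor.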