Filebeat 7.2 netflow module and adding custom fields

involuntary-pretzel · July 9, 2019, 12:31pm

Hi there

I recently switched from using the logstash.netflow module to the filebeat.netflow module (so the data shows in SIEM).

In the logstash.netflow configuration I had the following field [netflow][sampling_bytes] which gave a closer reading to the data being transfered.

filter { ... event.set( '[netflow][sampling_bytes]', event.get('[netflow][in_bytes]').to_i * event.get('[netflow][sampling_interval]').to_i ) ... }

Any idea how would I replicate this in the filebeat.netflow module?

system · August 6, 2019, 12:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat-netflow to logstash send only specific fields Logstash	1	651	March 31, 2022
Siem on logstash and filebeat SIEM	2	635	September 27, 2019
Filebeat Netflow Input to Logstash Elastiflow Pipeline Beats filebeat	1	453	May 19, 2020
Netflow Module sends null fields Beats beats-module , filebeat	1	307	February 9, 2023
Newbie qn: ingesting netflow Beats filebeat	2	260	September 29, 2021