Filebeat-netflow to logstash send only specific fields

Juan_David_Jaramillo · March 3, 2022, 4:15pm

hello good morning

I need your help to send the data from a filebeat-netflow to logstash and filter the fields that I need only to send it to my elastic cloud, I mean, I can specify which fields are sent only, so that I do not generate so many unnecessary fields.

thank you I hope for your prompt response, I share file netflow.yml

- module: netflow
  log:
    enabled: true
    var:
      netflow_host: 0.0.0.0
      netflow_port: 2055
      max_message_size: 1KiB
      protocols: [ v5, v9, ipfix ]
      expiration_timeout: 30m
      queue_size: 1000
      detect_sequence_reset: true

config logstash output:

input {
  beats {
  port => 2055
  }
}

filter {

 prune {
        whitelist_names => [ "method", "(referrer|status)", "${some}_field" ]
     }
}

output {
#  stdout{ }
  elasticsearch {
    hosts => ["https://xxxxxxxxxxxxxxxx.us-central1.gcp.cloud.es.io:9243"]
    user => "elastic"
    password => "xxxx"
    index => "ntw"
    }
  }
}

this would be where the data would be sent to my elastic cloud, but I need it to send only specific fields

for example these fields are the ones sent by netflow and I only want it to send the ones marked in red:

system · March 31, 2022, 4:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add filter to send specific fields to elasticsearch Logstash	12	1618	March 12, 2019
Filebeat 7.2 netflow module and adding custom fields Beats filebeat	1	439	August 6, 2019
From Filebeat to Logstash (and next to Elasticsearch) - pipeline processing Beats filebeat	3	237	January 27, 2023
Filebeat Netflow Input to Logstash Elastiflow Pipeline Beats filebeat	1	453	May 19, 2020
Logstash Not sending data to Elasticsearch Logstash	1	161	December 21, 2022

Filebeat-netflow to logstash send only specific fields

Related topics