Hi,
I am using the Filebeat netflow module for traffic monitoring, but the document doesn't have the interface name. I want to add a Python script for Filebeat to process the data before it sends it to Elastic, so that it takes the interface name from a lookup table using netflow.ingress/egress.interface (ifindex). Can someone give an example of how to do it?
Filebeat doesn't allow running an arbitrary python script as part of the processing pipeline.
You could put the interfaces into an Elasticsearch index and do enrichment via an ingest pipeline.
You could "compile" the interface list into a big branching of processors and restart the beat when the list of interfaces is updated.
Got it. Thanks. Used a small JavaScript in a processor with a full list of interface details. Now working fine.
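The JavaScript approach from the last reply, as an added example (not the poster's script): the lookup is keyed by exporter plus ifIndex, because an ifIndex is only unique per device. The field names `netflow.exporter.address`, `netflow.ingress_interface` and `netflow.egress_interface`, the `*_interface_name` output fields and the table contents are assumptions; in Filebeat the `script` processor's `process(event)` entry point would call `enrichInterfaces(event)`, and `makeEvent` only stands in for Filebeat's event object so the code runs outside it.

```javascript
// Lookup table keyed by "exporter IP|ifIndex" (constructed sample values).
var INTERFACES = {
  "192.0.2.1|1": "GigabitEthernet0/0",
  "192.0.2.1|2": "GigabitEthernet0/1",
  "192.0.2.2|1": "xe-0/0/0"
};

// Assumed field names; check them against your own netflow events.
var EXPORTER = "netflow.exporter.address";
var DIRECTIONS = {
  "netflow.ingress_interface": "netflow.ingress_interface_name",
  "netflow.egress_interface": "netflow.egress_interface_name"
};

// In Filebeat: function process(event) { enrichInterfaces(event); }
function enrichInterfaces(event) {
  var exporter = event.Get(EXPORTER);
  if (exporter === null || exporter === undefined) { return; }
  // Strip a source port from an IPv4 "address:port" value; leave others as-is.
  var host = String(exporter).replace(/^(\d+\.\d+\.\d+\.\d+):\d+$/, "$1");
  for (var field in DIRECTIONS) {
    var ifIndex = event.Get(field);
    if (ifIndex === null || ifIndex === undefined) { continue; }
    var name = INTERFACES[host + "|" + ifIndex];
    // Unknown index: keep the event and mark it instead of guessing a name.
    event.Put(DIRECTIONS[field], name || "unknown(" + ifIndex + ")");
  }
}

// Stand-in for Filebeat's event object (Get/Put on dotted paths), test use only.
function makeEvent(fields) {
  return {
    Get: function (path) {
      return path.split(".").reduce(function (o, k) {
        return o == null ? undefined : o[k];
      }, fields);
    },
    Put: function (path, value) {
      var keys = path.split("."), last = keys.pop(), o = fields;
      keys.forEach(function (k) { o = o[k] = o[k] || {}; });
      o[last] = value;
    }
  };
}
```

Events that resolve to `unknown(N)` show which exporter interfaces are missing from the table, which is the list to update before the next restart.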