Fortinet module processor fail

Thomas74 · February 11, 2021, 11:04am

Hi,

I'm configuring Fortinet module but processor condition added doesn't work and I don't understand why.

Here you have config module :

- module: fortinet    
  firewall:    
    enabled: true    
    var.input: udp    
    var.syslog_host: 0.0.0.0    
    var.syslog_port: 9999    
    input:                                                                                                                                                                                                                                       
      processors:    
      - add_tags:    
         when:    
            contains:    
               observer.name: "TEST"    
         tags: [test]

If I remove when condition, the tag is created.

Do you have an idea on what I made wrong ?

Best regards,

Thomas

system · March 11, 2021, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with filebeat prozessors Beats filebeat	2	268	April 20, 2021
Error fortinet module - 7.17.3 Beats filebeat	2	307	August 19, 2022
Filebeat Fortinet module not working Beats beats-module , filebeat	4	783	October 23, 2020
Fortinet module not parsing from file Beats filebeat	6	602	June 18, 2021
Conditions are not working properly. Seems to match documentation Beats filebeat	10	342	May 20, 2021

Fortinet module processor fail

Related Topics