Get first two octets of IP address

Leo_Kwok · June 24, 2020, 2:32am

Hi,

I only need the first two octet of IP address, for example, only 91.255 for IP 91.225.201.1. Please advise how to get this in logstash filter.

Thanks,
Leo

Badger · June 24, 2020, 2:15pm

You could do it using dissect

dissect { mapping => { "someField" => "%{IP}.%{+IP}.%{}" } }

Topic		Replies	Views
Shrinked ip address field Elasticsearch	3	305	July 28, 2021
Consider only first IP on apache access log Logstash	3	665	April 14, 2017
Logstash filter for IP addresses Logstash	1	1572	November 15, 2017
Logstash Dissect Filter Logstash	4	1101	November 20, 2017
Mask the IP address using custom grok pattern Logstash	3	1426	January 17, 2019