Good morning, I would like a help to make a filter in the logstash, I do not want the logstash to process the one of a certain IP range, also including multicast and broadcast.
I thank you for your help.
Hi @ademir.andrade,
could you give a bit more details? Sounds like you want to filter an input. Not sure if that is possible.
How are you sending data to Logstash?
I don't have any filters applied, I'm receiving data from some routers, and I noticed these ips as 0.0.0.0 and 224.0.0
If there is a small set of IPs you want to drop you could just use something like
if [fieldWithIp] =~ /(1.2.3.4|1.4.5.6|1.6.7.8)/ { drop {} }
Alternatively, you could use a cidr filter to tag the events and drop them if they get tagged.
Thanks for the tip, I'm doing the tests.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.