Good morning, I would like a help to make a filter in the logstash, I do not want the logstash to process the one of a certain IP range, also including multicast and broadcast.
I thank you for your help.
Hi @ademir.andrade,
could you give a bit more details? Sounds like you want to filter an input. Not sure if that is possible.
How are you sending data to Logstash?
I don't have any filters applied, I'm receiving data from some routers, and I noticed these ips as 0.0.0.0 and 224.0.0
If there is a small set of IPs you want to drop you could just use something like
if [fieldWithIp] =~ /(1.2.3.4|1.4.5.6|1.6.7.8)/ { drop {} }
Alternatively, you could use a cidr filter to tag the events and drop them if they get tagged.
Thanks for the tip, I'm doing the tests.