How to Create a Watchlist/Lookup Tables

praveen_siem · December 31, 2015, 1:00pm

Dear Team,

Do anyone have idea on how do we create a watchlist in ELK. In other terms lookup tables. This specifies a range of values say 50 or 100 or more in a single file. And save it as .csv or .txt

For Ex: there are around 50-100 source IP addresses and each cannot be mentioned in the condition in the query. So we put it in a file and call that file in the condition of the query.

How do we do this in creating a query in ELK, and that too in logstash.

Please throw some light if someone has come across such situation.

Best Regards-
Praveen Kamble

warkolm · January 1, 2016, 9:51pm

There is the translate filter that might work.

praveen_siem · January 11, 2016, 9:44am

Mark,

Thanks. Can you just help out or share any guide indicating so as how to prepare the "translate filter".

Best Regards-
Praveen

warkolm · January 12, 2016, 12:44am

https://www.elastic.co/guide/en/logstash/current/plugins-filters-translate.html is the best place to start.

praveen_siem · January 13, 2016, 10:15am

Thanks for sharing the link, Mark.

We tried to install the "translate filter" plug-in on the log stash 1.4.2- modified version, while installing we are getting the error-

Can only install contrib at this time... Exiting..

Suggest the possible resolution from your end.

warkolm · January 13, 2016, 10:23am

I'd start by upgrading, 1.4 is really old.

Topic		Replies	Views
How to use translate plugin with ES index for lookup data Logstash	6	497	August 21, 2019
Lookup Values Logstash	3	408	July 13, 2019
Read list within logstash configuration (translate plugin) Logstash	4	1830	July 6, 2017
How to use Translate plugin in grok filter Logstash	6	1815	October 16, 2017
Query database from a filter Logstash	5	1156	July 6, 2017

How to Create a Watchlist/Lookup Tables

Related topics