How to make something like an IP address be stored in an array of integers instead of a string

Ben_Hoffman · February 24, 2017, 8:06pm

So I want to basically do a string split at the " . " in one of my outputs from a log file (It is an IP address). Is there any way to do this with a Logstash filter? It would make the requests from my application to my server generate much less garbage when I call the server.

theuntergeek · February 27, 2017, 8:37pm

This configuration:

input { stdin {} }

filter {
  mutate { split => { "message" => "." } }
  mutate { convert => { "message" => "integer" } }
}

output { stdout { codec => rubydebug } }

Will result in this output, if fed 172.19.73.1 as STDIN:

172.19.73.1
{
    "@timestamp" => 2017-02-27T20:35:00.726Z,
      "@version" => "1",
          "host" => "REDACTED.local",
       "message" => [
        [0] 172,
        [1] 19,
        [2] 73,
        [3] 1
    ]
}

Ben_Hoffman · February 28, 2017, 3:32pm

That worked perfectly, thanks a lot!

system · March 28, 2017, 3:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Convert IP string to Integer Logstash	4	654	January 10, 2022
Filter Array Values Logstash	8	967	February 15, 2019
Logstash Converting Base64 IP to Decimal IP Logstash	20	722	November 9, 2021
Convert field to an array Logstash	3	554	June 1, 2022
Logstash filter: Convert all fields in json to integer Logstash	3	1253	June 10, 2019

How to make something like an IP address be stored in an array of integers instead of a string

Related topics