Hello,
I have a NetFlow field named [flow][addr] which represents an IP address.
For example [flow][addr] looks like: 10.96.31.41 .
I would like to remove the last Byte of my field and keep only 10.96.31. I also would like to save the value in a new field called for example [flow][pref].
Please help ! Thank you.
Aleksandra
Found the answer :
filter {
if[flow][dst_addr]{
mutate{
id => "netflow_9_convert_addr_to_prefix"
add_field => { "[flow][dst_prefix]" => "%{[flow][dst_addr]}" }
}
mutate{
id => "netflow_9_trim_addr"
gsub => ["[flow][dst_prefix]", ".(?:\d{1,3}$)", " "]
}
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.