Iptables intergrations Processors

david-a76 · December 15, 2022, 10:40am

I wourd like to add a field when source ip is one of 192.168.100.0/24 or 172.17.100.0/24 subnet
So i added this precocessor in iptables integration field on my agnet policy but It's totaly ignored.
That's wrong with it?

  - add_fields:
      target: network
      fields:
          tag: "mylan"
      when:
        network:
           source.ip: [ "192.168.100.0/24", "172.17.100.0/24"]

Many Thanks

legoguy1000 · December 30, 2022, 7:52pm

The integration doesn't parse the message until it reaches elasticsearch so there is no source.ip field yet.

system · January 27, 2023, 7:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic-agent - Custom logs - no asn fields Elastic Agent filebeat	5	210	April 7, 2024
Elastic Agent, System Integration, Processors Kibana fleet	9	1103	July 27, 2022
Add_field processor on empty env provider fields stop ingest Beats elastic-agent	1	205	October 17, 2023
Add fields do not work Winlogbeat Beats winlogbeat	2	350	June 7, 2022
Source ip field is not getting enable while i am able to get host.ip from log file Elasticsearch	1	333	May 6, 2020

Iptables intergrations Processors

Related topics