Iptables intergrations Processors

david-a76 · December 15, 2022, 10:40am

I wourd like to add a field when source ip is one of 192.168.100.0/24 or 172.17.100.0/24 subnet
So i added this precocessor in iptables integration field on my agnet policy but It's totaly ignored.
That's wrong with it?

  - add_fields:
      target: network
      fields:
          tag: "mylan"
      when:
        network:
           source.ip: [ "192.168.100.0/24", "172.17.100.0/24"]

Many Thanks

legoguy1000 · December 30, 2022, 7:52pm

The integration doesn't parse the message until it reaches elasticsearch so there is no source.ip field yet.

Topic		Replies	Views
Network Condition Not Working? Elastic Agent fleet	7	279	November 10, 2022
Elasticsearch alerts don't show source.ip Kibana elastic-stack-alerting	0	17	June 8, 2026
Source ip field is not getting enable while i am able to get host.ip from log file Elasticsearch	0	361	April 8, 2020
Correlation of IPs within ELK Logstash	6	920	October 8, 2018
GeoIP enrich IP addresses broken if fileting with include_fields Elastic Agent packetbeat	1	270	November 10, 2023

Iptables intergrations Processors

Related topics