I am using elastiflow to analysis netflow, now I am trying to add a new field, and fill the corresponding value when matching a specific IP. The filter conf is working like this, but the issue is I have thousands IPs to need to match, so is there a way to add new field in bulk ?
if [flow][dst_addr] == "10.153.227.225"{
mutate {
add_field => { "netflow.server_name" => "PAAS,redis cluster" }
}
}
Have you looked at the translate filter?
Thanks for your suggestion. it is a good solution
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.