Hi,
using latest versions of netflow / ipfix codec with logstash.
I'm trying to create a filter that will match on the BGP ASN and set a new field with the
human name for that ASN. At the moment I'm setting a tag, which will work when the
enclosing IF is not part of the config. So something is broke with my if [EXPRESSION]
filter {
if [ipfix.bgpDestinationAsNumber] == '174' {
mutate {
add_tag => { "FUBAR" => "BARF" }
}
}
}
ipfix.bgpSestinationAsNumber is a numeric field
Thoughts ??
Thank you