Logstash and netflow filter problem / question with filter and if[exp]

digitalpilot · June 24, 2017, 4:57pm

Hi,

using latest versions of netflow / ipfix codec with logstash.

I'm trying to create a filter that will match on the BGP ASN and set a new field with the
human name for that ASN. At the moment I'm setting a tag, which will work when the
enclosing IF is not part of the config. So something is broke with my if [EXPRESSION]

filter {

if [ipfix.bgpDestinationAsNumber] == '174' {
    mutate  {
        add_tag => { "FUBAR" => "BARF"  }
    }
}

}

ipfix.bgpSestinationAsNumber is a numeric field

Thoughts ??

Thank you

magnusbaeck · June 27, 2017, 6:37pm

Duplicate of Logstash filter section problem.

system · July 25, 2017, 6:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter section problem Logstash	3	673	July 24, 2017
Logstash Conditional format? Logstash	3	980	July 6, 2017
Logstash DNS Filter Issue Logstash	1	421	April 10, 2018
Compare IP's in netflow to Reputational List Logstash	2	857	July 6, 2017
Filter "logstash-filter-dns" doesn't work Logstash	1	452	August 10, 2018

Logstash and netflow filter problem / question with filter and if[exp]

Related topics