Hello, we now have data with two layers in Kibana JSON form.
In Kibana we can see:
{
  "_index": "XXXXXX",
  "_type": "pcap",
  "_id": "XXXXXX",
  "_version": X,
  .
  .
  .
  "layers": {
    "ip_src": [
      "192.168.X.XX"
    ],
    .
    .
  }
  .
  "@version": "X",
  "host": "XXXXX",
}
We send the data to Kibana through the following process:
log data -> filebeat -> logstash -> elasticsearch
Now we want to add some filter conditions in Logstash.
When we set the if condition in the Logstash configuration file:
if [type] == "pcap"
{}
If the data meets the if condition, Logstash will execute the function in the curly braces.
But if I set the if condition:
if [layers][ip_src] == "192.168.X.XX"
{}
The if function will not execute.
Do we have the wrong if function setting?
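
Added example, not part of the original post: in the document shown above, `ip_src` is a JSON array nested under `layers`, so this filter puts the string comparison from the post beside two conditions that test the array's contents instead. The tag names are hypothetical, and the address is the post's own masked placeholder.

```logstash
filter {
  if [type] == "pcap" {

    # Form from the post: compares the whole field to a string.
    # [layers][ip_src] holds an array, so this is false even when the
    # array contains exactly that one address.
    if [layers][ip_src] == "192.168.X.XX" {
      mutate { add_tag => ["src_match_whole_field"] }   # hypothetical tag
    }

    # Membership test: true when any element of the array equals the
    # address. If the field were a plain string instead of an array,
    # "in" would do a substring match, so 192.168.1.1 would also match
    # 192.168.1.10.
    if "192.168.X.XX" in [layers][ip_src] {
      mutate { add_tag => ["src_match_any"] }           # hypothetical tag
    }

    # Index form: compares only the first element of the array and is
    # an exact string comparison.
    if [layers][ip_src][0] == "192.168.X.XX" {
      mutate { add_tag => ["src_match_first"] }         # hypothetical tag
    }
  }
}
```

Checking which of the three tags appears on an indexed event in Kibana shows which condition actually matched.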