I have Logstash Kibana and Elasticsearch versions 5.6.2 installed on Windows 2012 R2. I have a grok pattern that reads in text file entries adequately. The end of each entry is a message field containing a couple different formats; sometimes an IP adress, sometimes 2 IP addresses and different messa…

Logstash Dissect Filter

magnusbaeck (Magnus Bäck) October 23, 2017, 8:21pm 2

Why not use a grok filter?

grok {
  match => ["message", "\boutside:%{IP:ip}\b"]
  tag_on_failure => []
}
if [ip] {
  geoip {
    ...
  }
}

Topic		Replies	Views
Logstash geoIP and dissect issues Logstash	3	924	October 23, 2017
Logstash filter for IP addresses Logstash	1	1572	November 15, 2017
Extracting data from message Logstash	2	410	July 18, 2018
Grok & firewall logs Logstash	7	2602	October 22, 2019
Fetching all external IP address from firewall logs using logstash Logstash	6	382	July 5, 2023

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Logstash Dissect Filter

Related topics