I am new to Logstash and grok and want to mask/ change first octets of ip addresses in my logs for security purpose. but unable to create a grok pattern which will work for the situation. I am getting IP from logs message but i am not able to think forward.
I tried the same it works for one ip but when i want the same for whole message which contains 2, 3 ips i am unable to generate a regex which will help.
right now i have generated below mentioned regex for gsub which is working fine for one ip.
gsub => ["client_ip", "(.\d+){1}$", ".XXX"]
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.