Hi,
I am new to Logstash and grok and want to mask/ change first octets of ip addresses in my logs for security purpose. but unable to create a grok pattern which will work for the situation. I am getting IP from logs message but i am not able to think forward.
After you've parsed the message with grok, use the Mutate gsub filter to replace the first octet.
Hi,
I tried the same it works for one ip but when i want the same for whole message which contains 2, 3 ips i am unable to generate a regex which will help.
right now i have generated below mentioned regex for gsub which is working fine for one ip.
gsub => ["client_ip", "(.\d+){1}$", ".XXX"]
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.