Match all Random IP Addresses

cjvermeulen · February 6, 2018, 1:01pm

Sorry if this a total rookie question but..
Scenario: I have random multiline log messages that have anywhere from 1 to 100 IP addresses in them. The IP's are sporadic and don't always follow a single pattern. Ie. They don't always follow a single comma, etc.

Goal: Match all IP's and output them to a single field as an array.

Question: Using a grok filter I can match the first result but it then stops processing. Is there an easy way to match each IP without having 100 match statements and 100 fields?

Thoughts: loop the single match statements? Output the original message to a new field and then use mutate to remove anything that doesn't match an IP.

Any insight is appreciated.

Thanks!

(Apologies for bad formating, I'm writing this from my mobile)

Christian_Dahlqvist · February 6, 2018, 1:24pm

Does this open issue match what you are looking for?

cjvermeulen · February 6, 2018, 5:40pm

It reads like it. Thanks!

Christian_Dahlqvist · February 6, 2018, 6:11pm

Unfortunately that means it is currently not possible, so you may need to use a ruby filter.

system · March 6, 2018, 6:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.