Match all Random IP Addresses

cjvermeulen · February 6, 2018, 1:01pm

Sorry if this a total rookie question but..
Scenario: I have random multiline log messages that have anywhere from 1 to 100 IP addresses in them. The IP's are sporadic and don't always follow a single pattern. Ie. They don't always follow a single comma, etc.

Goal: Match all IP's and output them to a single field as an array.

Question: Using a grok filter I can match the first result but it then stops processing. Is there an easy way to match each IP without having 100 match statements and 100 fields?

Thoughts: loop the single match statements? Output the original message to a new field and then use mutate to remove anything that doesn't match an IP.

Any insight is appreciated.

Thanks!

(Apologies for bad formating, I'm writing this from my mobile)

Christian_Dahlqvist · February 6, 2018, 1:24pm

Does this open issue match what you are looking for?

cjvermeulen · February 6, 2018, 5:40pm

It reads like it. Thanks!

Christian_Dahlqvist · February 6, 2018, 6:11pm

Unfortunately that means it is currently not possible, so you may need to use a ruby filter.

system · March 6, 2018, 6:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do we match multiple random ips? Logstash	3	3921	July 6, 2017
Extract IP from multiple lines Logstash	5	1241	March 7, 2018
Parsing ip address coming at random places inside logs Logstash	5	1609	January 17, 2021
Taking array of matching values for one pattern out of Logstash grok Logstash	4	7377	March 9, 2018
QUESTION ABOUT "LOGSTASH GROK MATCH" WITH ARRAY Logstash	4	1284	May 27, 2019

Match all Random IP Addresses

Related topics