Hello everyone,
I'm trying to do a condition on IP regex.
Trying to match every IPs
if [destination.XXX] =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ {
mutate {
...
}
}
I tried the solution from that post but doesnt work :
Thanks for your help
Hello everyone,
I'm trying to do a condition on IP regex.
Trying to match every IPs
if [destination.XXX] =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ {
mutate {
...
}
}
I tried the solution from that post but doesnt work :
Thanks for your help
What is the field name? Please share a sample of your message.
In Logstash you access nested fields using [topLevel][nestedField]
not [topLevel.nestedField]
So if your field is a nested json object you need to use [destination][XXX]
.
So, it worked or not?
From what you shared you have a geoip working already, it is not clear what is the issue.
That actually doesn't work. I'm doing a reverse DNS request on that field but that regex doesn't match.
I would like to check if the field [destination][domain] contain an IP instead of a dns information.
Do you know why that doesn't match ?
Regards
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.