Name IPs (source and destination) in packetbeat flows

mihai.radulescu · March 16, 2023, 11:50am

Hello,

I'm using packetbeat to monitor internal networks flows. I'd like to know how I can add a name for each known IP (for example 10.10.10.1 is my DHCP server, I want to add field source.name : 'DHCP Server' and destination.name : 'DHCP Server' whenever is a match on that IP). Of course my list of IPs contains a lot of IPs (about 30-50 unique ones) and I'm wondering what is the best way to add and populate these new fields (using processor I guess, but can I do a translate list or something?).

Thanks and regards,
Mihai Radulescu

mihai.radulescu · March 17, 2023, 1:50pm

tried this, but it didn't work:

if:
network:
source.ip: '10.10.20.10/32'
then:
- add_fields:
  fields:
  source.label: 'LB 2a'
if:
network:
source.ip: '10.10.10.10/32'
then:
- add_fields:
  fields:
  source.label: 'LB 2b'

mihai.radulescu · March 29, 2023, 7:14pm

Solved it by using labels in Visualizations in Kibana.

system · April 26, 2023, 9:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Domain name missing in Http fields in packetbeat Beats packetbeat	4	1564	July 5, 2017
Dns log parsing and display in Kibana Beats packetbeat	3	481	August 26, 2020
Name in place of IP Beats packetbeat	6	1095	October 24, 2019
Source.ip.keyword insted of source.ip Kibana	4	2040	November 19, 2020
Kibana and packetbeat questions Beats packetbeat	2	464	September 24, 2018

Name IPs (source and destination) in packetbeat flows

Related Topics