Name IPs (source and destination) in packetbeat flows

mihai.radulescu · March 16, 2023, 11:50am

Hello,

I'm using packetbeat to monitor internal networks flows. I'd like to know how I can add a name for each known IP (for example 10.10.10.1 is my DHCP server, I want to add field source.name : 'DHCP Server' and destination.name : 'DHCP Server' whenever is a match on that IP). Of course my list of IPs contains a lot of IPs (about 30-50 unique ones) and I'm wondering what is the best way to add and populate these new fields (using processor I guess, but can I do a translate list or something?).

Thanks and regards,
Mihai Radulescu

mihai.radulescu · March 17, 2023, 1:50pm

tried this, but it didn't work:

if:
network:
source.ip: '10.10.20.10/32'
then:
- add_fields:
  fields:
  source.label: 'LB 2a'
if:
network:
source.ip: '10.10.10.10/32'
then:
- add_fields:
  fields:
  source.label: 'LB 2b'

mihai.radulescu · March 29, 2023, 7:14pm

Solved it by using labels in Visualizations in Kibana.

system · April 26, 2023, 9:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Domain name missing in Http fields in packetbeat Beats packetbeat	4	1564	July 5, 2017
Dns log parsing and display in Kibana Beats packetbeat	3	481	August 26, 2020
Name in place of IP Beats packetbeat	6	1104	October 24, 2019
Source hostname instead of source_ip Beats packetbeat	7	1523	March 29, 2017
Is it possible to get individual IP address count from different sources to my server(packetbeat installed) Beats packetbeat	3	1568	May 11, 2017

Name IPs (source and destination) in packetbeat flows

Related topics