Name IPs (source and destination) in packetbeat flows

mihai.radulescu · March 16, 2023, 11:50am

Hello,

I'm using packetbeat to monitor internal networks flows. I'd like to know how I can add a name for each known IP (for example 10.10.10.1 is my DHCP server, I want to add field source.name : 'DHCP Server' and destination.name : 'DHCP Server' whenever is a match on that IP). Of course my list of IPs contains a lot of IPs (about 30-50 unique ones) and I'm wondering what is the best way to add and populate these new fields (using processor I guess, but can I do a translate list or something?).

Thanks and regards,
Mihai Radulescu

mihai.radulescu · March 17, 2023, 1:50pm

tried this, but it didn't work:

if:
network:
source.ip: '10.10.20.10/32'
then:
- add_fields:
  fields:
  source.label: 'LB 2a'
if:
network:
source.ip: '10.10.10.10/32'
then:
- add_fields:
  fields:
  source.label: 'LB 2b'

mihai.radulescu · March 29, 2023, 7:14pm

Solved it by using labels in Visualizations in Kibana.

system · April 26, 2023, 9:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.