Need program variables from config file

billzy · May 30, 2016, 9:46am

I'm using logstash as output method for packetbeat and I want to filter transactions in logstash, for example, I received 3 packets described as below

packet A is from 192.168.0.3 to 192.168.0.4
packet B is from 192.168.0.3 to 192.168.0.5
packet C is from 192.168.0.3 to 10.0.168.9

now I need logstash only output packet C, what i'm thinking now is to maintain a whitelist read from some config file in logstash, any packet compliant with this list will output and others won't.

Does logstash have this kind of feature ? or any workaround I can take ?
thanks a lot !

warkolm · May 30, 2016, 11:16pm

I don't know if there is a way to do this, packetbeat stores hostnames rather than IPs for the most part. It does store a client_ip though, so maybe you can use that?

billzy · May 31, 2016, 7:15am

thanks for the reply, finally I figured out a way using a new experimental feature in the latest version 2.3.2 to workaround this, the new feature allows logstash to read system environment variables, after that I use mutate to add a new field contains the desired content, then I can do filter efforts in ruby code.

magnusbaeck · May 31, 2016, 7:36am

This sounds like a good task for the translate filter.

billzy · May 31, 2016, 7:47am

oh god that seems exactly what i need by reading the translate document page, many thanks !!!

system · July 6, 2017, 4:55am