Private IP Address

Bondo · July 26, 2017, 7:54am

I am trying to enter in an IF statement to preset the geo information based on some internal IPs, but I'm not sure what the syntax needs to be when listing the range. The example below is for any IP with a 10.x.x.x address, but my range is 10.3.64.x - 10.3.127.x

if [c-ip] =~ /^10./ {
mutate { replace => { "[geoip][timezone]" => "Pacific/Auckland" } }
mutate { replace => { "[geoip][country_name]" => "Merica" } }
mutate { replace => { "[geoip][country_code2]" => "UO" } }
mutate { replace => { "[geoip][country_code3]" => "UoO" } }
mutate { remove_field => [ "[geoip][location]" ] }
mutate { add_field => { "[geoip][location]" => "170.525" } }
mutate { add_field => { "[geoip][location]" => "-45.865" } }
mutate { convert => [ "[geoip][location]", "float" ] }
mutate { replace => [ "[geoip][latitude]", -45.856 ] }
mutate { convert => [ "[geoip][latitude]", "float" ] }
mutate { replace => [ "[geoip][longitude]", 170.525 ] }
mutate { convert => [ "[geoip][longitude]", "float" ] }
}

magnusbaeck · July 26, 2017, 7:57am

Use a cidr filter to set a tag when the c-ip field matches a particular CIDR expression, then check for he presence of that tag in your conditional.

system · August 23, 2017, 7:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
If field == IPv6 assign a different value Logstash	1	160	May 25, 2021
Only invoke geoip if field is IP Logstash	4	4638	July 6, 2017
If Statements Logstash Pipeline Logstash	3	263	May 17, 2021
Logstash filter if internal networks Logstash	3	407	August 6, 2022
Matching ip address Logstash	5	603	March 20, 2023

Private IP Address

Related topics