Private IP Address

I am trying to enter in an IF statement to preset the geo information based on some internal IPs, but I'm not sure what the syntax needs to be when listing the range. The example below is for any IP with a 10.x.x.x address, but my range is 10.3.64.x - 10.3.127.x

# The dot is escaped so that only 10.x.x.x matches (an unescaped "." also matches 100.x.x.x, 101.x.x.x, ...)
if [c-ip] =~ /^10\./ {
  mutate { replace => { "[geoip][timezone]" => "Pacific/Auckland" } }
  mutate { replace => { "[geoip][country_name]" => "Merica" } }
  mutate { replace => { "[geoip][country_code2]" => "UO" } }
  mutate { replace => { "[geoip][country_code3]" => "UoO" } }
  mutate { remove_field => [ "[geoip][location]" ] }
  mutate { add_field => { "[geoip][location]" => "170.525" } }
  mutate { add_field => { "[geoip][location]" => "-45.865" } }
  mutate { convert => [ "[geoip][location]", "float" ] }
  mutate { replace => [ "[geoip][latitude]", -45.856 ] }
  mutate { convert => [ "[geoip][latitude]", "float" ] }
  mutate { replace => [ "[geoip][longitude]", 170.525 ] }
  mutate { convert => [ "[geoip][longitude]", "float" ] }
}

Use a cidr filter to set a tag when the c-ip field matches a particular CIDR expression, then check for the presence of that tag in your conditional.
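
The approach described in the answer above, sketched as an added example that is not part of the original thread. The range 10.3.64.x - 10.3.127.x is the single block 10.3.64.0/18; the tag name `internal_site` is an assumption, and the geo values are the ones from the question.

```logstash
filter {
  # Tag events whose c-ip is inside 10.3.64.0 - 10.3.127.255.
  # Third octet 64..127 is one aligned block of 64 values, i.e. a /18.
  # "network" takes a list, so a range that does not align to one prefix
  # can be covered by listing several CIDR blocks.
  cidr {
    address => [ "%{[c-ip]}" ]
    network => [ "10.3.64.0/18" ]
    add_tag => [ "internal_site" ]   # hypothetical tag name
  }

  # Only events tagged by the cidr filter get the preset geo data.
  if "internal_site" in [tags] {
    mutate {
      replace => {
        "[geoip][timezone]"      => "Pacific/Auckland"
        "[geoip][country_name]"  => "Merica"
        "[geoip][country_code2]" => "UO"
        "[geoip][country_code3]" => "UoO"
      }
      remove_field => [ "[geoip][location]" ]
    }
    # Separate mutate blocks, as in the question, so the two add_field
    # calls build [longitude, latitude] in that order.
    mutate { add_field => { "[geoip][location]" => "170.525" } }
    mutate { add_field => { "[geoip][location]" => "-45.865" } }
    mutate { convert => { "[geoip][location]" => "float" } }
  }
}
```

Unlike a regex on the dotted string, the cidr filter compares the address numerically, so addresses such as 10.3.128.1 or 100.3.64.1 are not tagged.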
