Processor network_direction in filebeat


Actually we want to implement the network_direction in filebeat processor for that we added below lines

# ================================= Processors =================================
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
  - add_network_direction:
      source: source.ip
      destination: destination.ip
      target: network.direction
      internal_networks: [ "", "" ]

But when we check in elasticsearch data is still getting network.direction as "unknown",
even we restarted the cluster also but still same.
Please anyone have any idea do we need to add anythink.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.