Actually we want to implement the network_direction in filebeat processor for that we added below lines
# ================================= Processors ================================= processors: - add_host_metadata: when.not.contains.tags: forwarded - add_cloud_metadata: ~ - add_docker_metadata: ~ - add_kubernetes_metadata: ~ - add_network_direction: source: source.ip destination: destination.ip target: network.direction internal_networks: [ "220.127.116.11/21", "18.104.22.168/24" ]
But when we check in elasticsearch data is still getting network.direction as "unknown",
even we restarted the cluster also but still same.
Please anyone have any idea do we need to add anythink.