Translate filter

Kishore · July 26, 2016, 7:01am

how to match multiple fields using translate filter?

warkolm · July 26, 2016, 7:29am

Please provide more information on what you are trying to achieve.
What do you mean by [quote="Kishore, post:1, topic:56359"]
multiple fields
[/quote]

Kishore · July 26, 2016, 9:19am

I want to generate an alert if there is any change in User Country from the below mentioned scenario.

Log looks like below:
Jul 25 07:18:24 ip-10-129-23-37 openvpn[69098]: kishore/170.24.6.84:19412 MULTI_sva: pool returned IPv4=13.24.129.30, IPv6=(Not enabled)

I was able to capture Username: kishore and Country Name: India/USA from the above log to store in the Dictonary file to match, i am trying to match both fields in the log if log occurs second time.

If i could be able to match and find there is any change in Country , i want to generate an alert.

warkolm · July 26, 2016, 9:58am

You are better off using Alerting (Watcher) or similar.

Kishore · July 26, 2016, 10:51am

Else can you please suggest me that how to merge two fields

DiscussBuster · July 27, 2016, 3:05am

filter {
mutate {
add_field => {
"new_field" => "%{field1} %{field2}"
}
}
}

Hope this helps!

Kishore · July 28, 2016, 4:59am

Thanks Buster.

Topic		Replies	Views
Logstash field matching Logstash	3	728	July 6, 2017
Tranlate filter for bind logs but multiple fields Logstash	1	260	August 1, 2018
Translate return multiple fields Logstash	12	3065	July 6, 2017
Filter and mapping by multiple fields in translate filter and dictionary Logstash	1	717	October 29, 2019
Use case logic Logstash	2	639	July 6, 2017

Translate filter

Related topics