Unable to strip IPv6 Address From Field

wwalker · March 15, 2018, 9:51pm

I am using the below filter but it isn't working. No errors being thrown, the string just isn't being stripped.

filter {
  if "::ffff:" in [event_data.IpAddress] {
    mutate {
      id => "IPv6 Strip"
      gsub => [
        "event_data.IpAddress", "::ffff:", ""
      ]
    }
  }
}

steffens · March 16, 2018, 8:50am

Looks like Logstash, not beats related. Anyways, nested fields must be accessed using index syntax in logstash. e.g. [event_data][IpAddress].

system · April 13, 2018, 8:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Removes ::ffff: from ip address field Logstash	4	1207	March 1, 2019
Filter out beat.* Logstash	3	229	April 15, 2019
Logstash service crash 6.6 (geoip) filter Logstash	6	577	April 16, 2019
Filter section in logstash Logstash	3	663	October 10, 2018
Modifying / using beats field in logstash filter Logstash	2	829	October 31, 2017

Unable to strip IPv6 Address From Field

Related Topics