I am using the below filter but it isn't working. No errors being thrown, the string just isn't being stripped.
filter {
  if "::ffff:" in [event_data.IpAddress] {
    mutate {
      id => "IPv6 Strip"
      gsub => [ "event_data.IpAddress", "::ffff:", "" ]
    }
  }
}
Looks like Logstash, not Beats related. Anyways, nested fields must be accessed using index syntax in Logstash, e.g. [event_data][IpAddress].
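The filter from the question rewritten with the bracket field reference from the reply, as an added example that is not part of the original thread. Two things here are assumptions beyond what the thread states: the conditional uses a regex match instead of `in`, and the pattern is anchored with `^` so only a leading `::ffff:` prefix is stripped.

```logstash
filter {
  # Nested fields need bracket references: [event_data][IpAddress].
  # The dotted form "event_data.IpAddress" names a top-level field that is
  # literally called "event_data.IpAddress", which does not exist on the
  # event, so the original conditional never matched and nothing was stripped.
  if [event_data][IpAddress] =~ /^::ffff:/ {
    mutate {
      id   => "IPv6 Strip"
      # gsub takes [ field, regex, replacement ]. The "^" anchor (added here)
      # limits the strip to the IPv4-mapped prefix at the start of the value,
      # so "::ffff:192.0.2.10" (constructed sample) becomes "192.0.2.10".
      gsub => [ "[event_data][IpAddress]", "^::ffff:", "" ]
    }
  }
}
```

Normalizing the address this way lets downstream IP lookups and detections match the same source whether the host logged it as IPv4 or as an IPv4-mapped IPv6 address.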