Hey I've a file which includes ip addresses and there corresponding mac addresses. Now, is there any way I can use that file inside filter tag to match the ip address with my log file and allot them corresponding mac address??
Example:
filter
{
if [netflow][ipv4_src_addr] == "address_of file(containing ip address)"
{
mutate { add_field => {"macid" => "address-of file(containing mac address)"} }
}
Hope I am making sense
Thanks for pointing me at right direction..but I will have to give it manually..Is there anyway so that I can pick up the details from a file one by one and add the fields??
The translate filter is the one to use here. Why can’t you use it?
Because I will have add all the entries manually
You can add entries to the translate file and it will periodically reload the file. I do not see any other filter that would be suitable. I do suspect I still do not understand your problem and exactly what you are trying to do and why the translate filter does not fit though. Could you elaborate further?
Actually I've a file which contains the list of ip address and their respective mac address. Now, I have netflow logs v5 which doesn't contain mac address, hence I would like to add those mac address in netflow logs. I thought If I could use for loop so that it will compare from the file and if that address is found then it will add the respective mad address of that ip
That is exactly what the translate filter is designed for so I do not understand why you do not think this is suitable.
Oh I am so sorry I didn't go through the whole documentation
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.