Want Alert when New IP Found, How to do that?

Dhia_Saibi · May 14, 2022, 2:29pm

Hi,
I've parsed the logs to get new fields and specifically the client.ip field using this ingest piepline

PUT _ingest/pipeline/disscus-ip
{
  "description": "",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{NUMBER:http_status} %{IP:client.ip} %{URIPATH:url_path} %{NUMBER:count} %{NUMBER:last_access} %{USER:user.name}"
        ]
      }
    }
  ]
}

now I can find all the new fields : http_status , url_path ,count and last_access
but I don't find the client.ip like shown in the picture below:

client.ip doesn't match any options

system · June 11, 2022, 2:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to Parse Log to Get IP Address Elasticsearch elastic-stack-alerting	11	3343	June 11, 2022
Custom logs alert Kibana elastic-stack-alerting	5	525	June 9, 2022
Elasticsearch ingest pipeline - on failure field removal problem Elasticsearch	1	365	February 18, 2020
Issue with ingest pipeline Kibana painless	19	617	November 7, 2023
Geoip pipeline creation issue Elasticsearch	6	433	March 28, 2019

Want Alert when New IP Found, How to do that?

Related topics