Want Alert when New IP Found, How to do that?

Dhia_Saibi · May 14, 2022, 2:29pm

Hi,
I've parsed the logs to get new fields and specifically the client.ip field using this ingest piepline

PUT _ingest/pipeline/disscus-ip
{
  "description": "",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{NUMBER:http_status} %{IP:client.ip} %{URIPATH:url_path} %{NUMBER:count} %{NUMBER:last_access} %{USER:user.name}"
        ]
      }
    }
  ]
}

now I can find all the new fields : http_status , url_path ,count and last_access
but I don't find the client.ip like shown in the picture below:

client.ip doesn't match any options

system · June 11, 2022, 2:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Custom logs alert Kibana elastic-stack-alerting	5	548	June 9, 2022
How to Parse Log to Get IP Address Elasticsearch elastic-stack-alerting	11	3687	June 11, 2022
Clientip field is not identified by logstash (Solved) Logstash	12	4499	July 6, 2017
Client ip address Elasticsearch	4	3121	February 13, 2017
How to set up alerts triggered by an unknown factor? Kibana elastic-stack-alerting	4	702	October 22, 2019

Want Alert when New IP Found, How to do that?

Related topics