Want Alert when New IP Found, How to do that?

Dhia_Saibi · May 14, 2022, 2:29pm

Hi,
I've parsed the logs to get new fields and specifically the client.ip field using this ingest piepline

PUT _ingest/pipeline/disscus-ip
{
  "description": "",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{NUMBER:http_status} %{IP:client.ip} %{URIPATH:url_path} %{NUMBER:count} %{NUMBER:last_access} %{USER:user.name}"
        ]
      }
    }
  ]
}

now I can find all the new fields : http_status , url_path ,count and last_access
but I don't find the client.ip like shown in the picture below:

client.ip doesn't match any options

system · June 11, 2022, 2:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.