Want to copy specific data coming in and send to a new index

S3l3ct3d · February 11, 2021, 8:54pm

I am going to try and explain this process we are wanting to accomplish.

We have logs coming in from a specific vendor and going into its own index.
We are wanting to capture specific data coming in from that index and copying it into its own index. Example Log coming will have a specific "Type" that we want to capture. In this log will have a specific IP Address listed. We want to capture that log or just the specific IP Address listed.
We then want to save those IP's or logs to a new index as known bad IP Addresses.
Then we will want to run a specific search to take the new index "Known Bad IP's" to search across any index for a successful login from that "Known Bad IP" list.

My question to all of you smart people is how can we accomplish this.

Any input would be awesome.

Thanks,

warkolm · February 14, 2021, 11:32pm

I thin khttps://www.elastic.co/guide/en/elasticsearch/reference/7.11/transform-usage.html would be the best for this.

system · March 14, 2021, 11:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.