Want to copy specific data coming in and send to a new index

S3l3ct3d · February 11, 2021, 8:54pm

I am going to try and explain this process we are wanting to accomplish.

We have logs coming in from a specific vendor and going into its own index.
We are wanting to capture specific data coming in from that index and copying it into its own index. Example Log coming will have a specific "Type" that we want to capture. In this log will have a specific IP Address listed. We want to capture that log or just the specific IP Address listed.
We then want to save those IP's or logs to a new index as known bad IP Addresses.
Then we will want to run a specific search to take the new index "Known Bad IP's" to search across any index for a successful login from that "Known Bad IP" list.

My question to all of you smart people is how can we accomplish this.

Any input would be awesome.

Thanks,

warkolm · February 14, 2021, 11:32pm

I thin khttps://www.elastic.co/guide/en/elasticsearch/reference/7.11/transform-usage.html would be the best for this.

system · March 14, 2021, 11:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Copy speciifc data to another index automatically Elasticsearch	2	283	October 11, 2022
Copy index fields from one ES to another Elasticsearch	10	802	April 30, 2020
Continuously copy specific documents to another index? Elasticsearch	9	1396	December 16, 2020
Create new index with especific documents Elasticsearch	2	352	May 8, 2019
Filtering data to different indexes based on source iP Logstash	2	896	February 5, 2019