...

As my "pingtime" is a value I want to visualize and use for a Y-axis, it must be numeric, hence the mutate.

Drop something

This is how I drop part of the syslog (the Google DNS lookups) after it has been parsed by kv:

Code block
if [DST] == "8.8.8.8"
{
  drop {}
}

Adding fields/metadata

From the syslog, I would like to add an owner of the source (identified by the source IP "SRC") and a device (also identified by the source IP "SRC"):

Code block
if [SRC] == "10.0.0.102" {
  mutate
  {
    add_field => { "IPOwner" => "Toke" "Device" => "iPad" }
  }
}
...
...
if [SRC] == "10.0.0.109" {
  mutate
  {
    add_field => { "IPOwner" => "Christopher" "Device" => "Laptop LAN" }
  }
}

These metadata make it possible to visualize traffic by IPOwner:


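The pieces above (kv parsing, the numeric pingtime, dropping the Google DNS lookups and tagging owner/device by source IP) put together as one filter block. This is an added example, not the original page's configuration: it assumes the syslog message is key=value text containing SRC, DST and pingtime, and it uses the translate filter (assumed installed, with the `source`/`target` option names of plugin version 3.3 and later) instead of one if-block per host.

```logstash
filter {
  # Split the iptables-style "key=value" pairs (SRC=..., DST=..., pingtime=...)
  # out of the raw syslog message into top-level fields.
  kv {
    source => "message"
  }

  # Drop the noisy lookups against Google DNS as early as possible,
  # before any enrichment work is spent on them.
  if [DST] == "8.8.8.8" {
    drop { }
  }

  # Kibana needs a number for a Y-axis; kv leaves every value as a string.
  mutate {
    convert => { "pingtime" => "float" }
  }

  # Owner lookup by source IP: one dictionary instead of an if-block per host.
  # Unknown hosts get an explicit "unknown" so they can be found and
  # added to the inventory instead of silently having no owner.
  translate {
    source      => "[SRC]"
    target      => "[IPOwner]"
    dictionary  => {
      "10.0.0.102" => "Toke"
      "10.0.0.109" => "Christopher"
    }
    fallback    => "unknown"
  }

  # Same lookup for the device name.
  translate {
    source      => "[SRC]"
    target      => "[Device]"
    dictionary  => {
      "10.0.0.102" => "iPad"
      "10.0.0.109" => "Laptop LAN"
    }
    fallback    => "unknown"
  }
}
```

Filtering a visualization on `IPOwner:unknown` then shows every source address that is not yet in the dictionary.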
Troubleshooting

Can send data to Elasticsearch

...