Closed zmeng20171123 closed 5 years ago
```
input {
  udp {
    port => 6000
    codec => netflow {
      versions => [9]
      type => netflow
    }
  }
}
output {
  stdout { codec => rubydebug }
  if ( [host] =~ "10.30.30].[0-2][0-9][0-9]" ) {
    elasticsearch { index => "Router_Switch_NF-%{+YYYY.MM.dd}" }
  } else {
    elasticsearch { index => "Router_Switch_NF_Other-%{+YYYY.MM.dd}" }
  }
}
```
Sample Data:
Steps to Reproduce: