sipcapture / paStash

pastaʃ'ʃ = Spaghetti I/O Event Data Processing, Interpolation, Correlation and beyond :spaghetti:
http://sipcapture.io
Apache License 2.0

filtering netflow fields #192

Closed Alisher-Nabiev closed 4 months ago

Alisher-Nabiev commented 4 months ago

Hi, I am using NetFlow to receive data from a port. I am trying to filter the data and output certain fields to Elasticsearch.

This is the information that I am trying to read off: "last_switched", "first_switched", "in_pkts", "input_snmp", "output_snmp", "src_tos", "ipv4_next_hop", "dst_mask", "src_mask", "tcp_flags", "in_dst_mac", "out_src_mac", "postNATSourceIPv4Address", "postNATDestinationIPv4Address", "postNAPTSourceTransportPort", "postNAPTDestinationTransportPort", "fsId",

but I didn't find any way to filter the incoming data. Can someone please guide me on how I can achieve this?

lmangani commented 4 months ago

Hello @Alisher-Nabiev, you should be able to use the omit filter for this task.

Alisher-Nabiev commented 4 months ago

Thanks, helped a lot!