How can I filter logs by network? Example: 3 networks with several VMs. Each sends logs over syslog on port 514 to Logstash.
Something like this logstash.conf:
input {
  syslog {
    port => 514
  }
}

filter {
  # Logstash conditionals cannot compare a field against a CIDR range directly;
  # the cidr filter does that.  The syslog input stores the sending peer's address
  # in [host] (under ECS compatibility it is [host][ip]), so match that field
  # against each subnet and tag the event.  A tag is stored in the [tags] array.
  cidr {
    address => [ "%{host}" ]
    network => [ "10.10.10.0/24" ]
    add_tag => [ "index1" ]
  }
  cidr {
    address => [ "%{host}" ]
    network => [ "10.10.11.0/24" ]
    add_tag => [ "index2" ]
  }
  # Anything from a sender outside both subnets goes to the catch-all index.
  if "index1" not in [tags] and "index2" not in [tags] {
    mutate { add_tag => [ "index3" ] }
  }
}

output {
  # Tag membership is tested with "in [tags]"; index names must be quoted strings.
  if "index1" in [tags] {
    elasticsearch { hosts => ["localhost:9200"] index => "index1" }
  } else if "index2" in [tags] {
    elasticsearch { hosts => ["localhost:9200"] index => "index2" }
  } else {
    elasticsearch { hosts => ["localhost:9200"] index => "index3" }
  }
}
Can someone explain how to do this or attach a link to an example?
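The subnet-to-index routing the question asks for, reproduced in Python as an added example (not part of the original post and not Logstash's own code) so the mapping can be checked against sample traffic before it goes into logstash.conf. The two subnets and the index names are the ones from the question; the syslog lines, peer addresses and field names are constructed assumptions. The function names parse_syslog, index_for and route are hypothetical.

```python
import ipaddress
import re

# Ordered list: the first matching subnet wins, mirroring one cidr filter per network.
NETWORK_INDEX = [
    (ipaddress.ip_network("10.10.10.0/24"), "index1"),
    (ipaddress.ip_network("10.10.11.0/24"), "index2"),
]
CATCH_ALL_INDEX = "index3"  # anything that matches no listed subnet

# RFC 3164 line as the syslog input receives it: <PRI>TIMESTAMP HOSTNAME MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<hostname>\S+) (?P<msg>.*)$"
)


def parse_syslog(line):
    """Split a BSD-syslog line into facility, severity, timestamp, hostname and message."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line: %r" % line)
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,   # PRI = facility * 8 + severity
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "hostname": m.group("hostname"),
        "message": m.group("msg"),
    }


def index_for(sender_ip):
    """Pick the target index from the sending peer's address (Logstash's [host] field)."""
    try:
        addr = ipaddress.ip_address(sender_ip)
    except ValueError:
        # A hostname instead of an address matches no CIDR, so it lands in the
        # catch-all, just as an untagged event does in the config above.
        return CATCH_ALL_INDEX
    for net, index in NETWORK_INDEX:
        if addr in net:
            return index
    return CATCH_ALL_INDEX


def route(sender_ip, line):
    """Return the event roughly as Logstash would hand it to the elasticsearch output."""
    event = parse_syslog(line)
    event["host"] = sender_ip            # the syslog input stores the peer address here
    event["tags"] = [index_for(sender_ip)]
    event["index"] = event["tags"][0]
    return event


# Constructed sample traffic: (peer address, raw line), one host per subnet plus
# a VM from a network the config does not list.
SAMPLE = [
    ("10.10.10.5",  "<34>Mar 10 12:00:01 web01 sshd[1045]: Failed password for root from 203.0.113.9 port 4444 ssh2"),
    ("10.10.11.7",  "<13>Mar 10 12:00:02 db01 sudo: alice : TTY=pts/0 ; COMMAND=/bin/bash"),
    ("10.10.12.9",  "<86>Mar 10 12:00:03 app01 CRON[220]: pam_unix(cron:session): session opened for user root"),
    ("10.10.10.99", "<38>Mar 10 12:00:04 jump01 sshd[1100]: Accepted publickey for bob from 10.10.12.9 port 5555 ssh2"),
]


def route_all(sample=SAMPLE):
    """Route every sample event; returns the list of routed events."""
    return [route(ip, line) for ip, line in sample]


if __name__ == "__main__":
    for ev in route_all():
        print(ev["index"], ev["host"], ev["hostname"],
              "facility=%d severity=%d" % (ev["facility"], ev["severity"]))
```

Running it prints one line per event with the index it would be written to; the 10.10.12.9 host falls through to index3 because neither subnet covers it, which is the case worth checking before relying on the catch-all branch in production.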