96_lookup_iana_protocol.conf
# Copyright [2021] [Cargill, Incorporated.]
# SPDX-License-Identifier: Apache-2.0
# Enrichment stage: fill in [network.protocol] from a port number when it is not
# already set. Ports are tried in order: destination.port, then server.port,
# then url.port. Each lookup uses the same iana_protocols.csv dictionary.
# The result is inferred from the port number alone; nothing in this file
# inspects the traffic itself, so a service on a non-standard port receives
# whatever label the dictionary holds for that port.
# NOTE(review): detections keyed on network.protocol should treat values set here
# as a port-based guess — confirm how downstream rules use the field.
filter {
  # Opt-out: any one of these three tags skips the lookup for this event.
  if "disable_lookup_iana_protocol_enrichment" in [tags] or "disable_lookups" in [tags] or "disable_enrichments" in [tags] {
    # Only the lookup-specific tag is removed; "disable_lookups" and
    # "disable_enrichments" are left on the event (presumably so other
    # enrichment stages still see them — confirm).
    mutate {
      remove_tag => ["disable_lookup_iana_protocol_enrichment"]
    }
  } else {
    # First choice: destination port, only when no protocol has been set yet.
    if ![network.protocol] and [destination.port] {
      translate {
        field => "[destination.port]"
        # NOTE(review): the labels written below are only as trustworthy as this
        # file; confirm it is writable solely by whoever deploys Logstash.
        dictionary_path => "${LOGSTASH_HOME}/config/iana_protocols.csv"
        destination => "[network.protocol]"
        # The enclosing condition already limits this to events where
        # [network.protocol] is missing or falsy, so override only matters there.
        override => "true"
        # Disable refresh from disk because when we update the dictionary file, we restart logstash explicitly
        refresh_interval => 0
      }
    }
    # Second choice: server port. Reached only if [network.protocol] is still
    # unset, i.e. the block above did not run or found no dictionary entry
    # (no fallback value is configured on the translate filters).
    if ![network.protocol] and [server.port] {
      translate {
        field => "[server.port]"
        dictionary_path => "${LOGSTASH_HOME}/config/iana_protocols.csv"
        destination => "[network.protocol]"
        override => "true"
        # Disable refresh from disk because when we update the dictionary file, we restart logstash explicitly
        refresh_interval => 0
      }
    }
    # Last choice: port taken from the URL, under the same still-unset condition.
    if ![network.protocol] and [url.port] {
      translate {
        field => "[url.port]"
        dictionary_path => "${LOGSTASH_HOME}/config/iana_protocols.csv"
        destination => "[network.protocol]"
        override => "true"
        # Disable refresh from disk because when we update the dictionary file, we restart logstash explicitly
        refresh_interval => 0
      }
    }
  }
}