Getting error while parsing intermediary ip address

Namaste Team,

I'm not sure what is wrong with my code, but I am getting the following error while populating the intermediary nat IP address.

Error: generic::unknown: pipeline.ParseLogEntry failed: LOG_PARSING_CBN_ERROR: "generic::invalid_argument: failed to convert raw output to events: failed to convert raw message 0: field \\"idm\\": index 0: recursive rawDataToProto failed: field \\"read_only_udm\\": index 0: recursive rawDataToProto failed: field \\"intermediary_nat\\": no descriptor found"

Code I have written:

if [_collector_internal_ip_address] not in [ "","-" ] {

grok {

match => {

"_collector_internal_ip_address" => [ "%{IP:natip}" ]

}

overwrite => ["natip"]

on_error => "not_valid_natip"

}

if ![not_valid_natip] {

mutate {

merge => {

"event.idm.read_only_udm.intermediary_nat.ip" => "natip"

}

}

Let me know what I am doing wrong here.

Thanks,
Indrajeet Deshmukh

Page 1 / 1

There is no intermediary_nat field. Try:
"event.idm.read_only_udm.intermediary.ip" => "natip"

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded