This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
Add network direction
editAdd network direction
editThe add_network_direction processor attempts to compute the perimeter-based
network direction when given a source and destination IP address and a list of
internal networks.
Example
edit - add_network_direction:
source: source.ip
destination: destination.ip
target: network.direction
internal_networks: [ private ]
Configuration settings
editElastic Agent processors execute before ingest pipelines, which means that they process the raw event data rather than the final event sent to Elasticsearch. For related limitations, refer to What are some limitations of using processors?
| Name | Required | Default | Description |
|---|---|---|---|
|
Yes |
Source IP. |
|
|
Yes |
Destination IP. |
|
|
Yes |
Target field where the network direction will be written. |
|
|
Yes |
List of internal networks. The value can contain either CIDR blocks or a list of special values enumerated in the network section of Conditions. |