This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Check out the new Professional Security Operations Engineer certification beta!
Log in to ask a question

Getting error while parsing intermediary ip address

Posted on 10-15-2024 07:57 AM
Indrajeet_D
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Namaste Team,

I'm not sure what is wrong with my code, but I am getting the following error while populating the intermediary nat IP address.

Error: generic::unknown: pipeline.ParseLogEntry failed: LOG_PARSING_CBN_ERROR: "generic::invalid_argument: failed to convert raw output to events: failed to convert raw message 0: field \"idm\": index 0: recursive rawDataToProto failed: field \"read_only_udm\": index 0: recursive rawDataToProto failed: field \"intermediary_nat\": no descriptor found"

Code I have written:

if [_collector_internal_ip_address] not in [ "","-" ] {
grok {
match => {
"_collector_internal_ip_address" => [ "%{IP:natip}" ]
}
overwrite => ["natip"]
on_error => "not_valid_natip"
}
}

if ![not_valid_natip] {
mutate {
merge => {
"event.idm.read_only_udm.intermediary_nat.ip" => "natip"
}
}
}

Let me know what I am doing wrong here.

Thanks,
Indrajeet Deshmukh



0 1 178
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
James_E
Staff
Reply posted on --/--/---- --:-- AM

There is no intermediary_nat field.  Try:
"event.idm.read_only_udm.intermediary.ip" => "natip"

0 Likes
Top Solution Authors
View all