Exclude host enrichment

kbering · May 22, 2024, 11:41am

I would like to exclude the flow exporter from being enriched, in our ipaddrs.yml i have a subnet defined:

10.0.9.0/24:
  name: network equipment
  metadata:
    .geo.loc.coord: 2366,87
    .geo.city.name: cityA
    .geo.country.code: ABC
    .geo.country.name: countryA
    .geo.tz.name: Europe

And our flow exporter is within the above subnet flow exporter ip: 10.0.9.2 and the gets enriched like this:

To incl_excl.yml i have added:

exclude:
  #asn:
  #  -
  cidr:
    - 10.0.9.2/32

But that does not seam to work, anyone has an idea of what I am doing wrong?

dxturner · May 22, 2024, 12:35pm

Thanks for the information. We are looking into it. Can you share the flowcoll.yml file?

Regards,
Dexter Turner

kbering · May 24, 2024, 10:03am

I am not able to locate a flowcoll.yml file, I am running Elastiflow from a container

Best regards

Kåre

dxturner · May 24, 2024, 12:59pm

The configuration options for a docker installation are in the docker-compose.yml file.

system · June 23, 2024, 1:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Abount netif.yml ElastiFlow Community flow-collector	1	29	July 2, 2024
User metadata as field Network Flows flow-collector	5	74	June 16, 2024
Pmacct V1.7.8+ndpi V4.4+elastiflow V6.4.3 cannot recognize the application in the stream ElastiFlow Community flow-collector	2	70	May 17, 2024
Missing flow.conversation.id values? Network Flows flow-collector	1	129	February 16, 2024
Rename interface ElastiFlow Community	3	54	July 14, 2024

Exclude host enrichment

Related Topics