User metadata as field

kbering · May 15, 2024, 4:13pm

Hello

Is it possible to overwrite the field client.as.organization.name using the user metadata file User-Defined Metadata | ElastiFlow ?

Best regards

Kaare

kbering · May 17, 2024, 10:51am

Ok, so I have tried this in ipaddres.yml:

10.10.0.0/24:
  client.as.organization.name: "companyA"

But the value stays PRIVATE can I overrule this?

dxturner · May 17, 2024, 12:22pm

Is EF_PROCESSOR_ENRICH_IPADDR_METADATA_ENABLE in flowcoll.yml set to true?

Should the syntax in ipaddrs.yml be?

10.10.0.0/24:
  metadata:
     client.as.organization.name: "companyA"

kbering · May 17, 2024, 1:07pm

I have this i the settings, and other metadata settings are working fine:

      EF_PROCESSOR_ENRICH_IPADDR_METADATA_ENABLE: 'true'
      EF_PROCESSOR_ENRICH_IPADDR_METADATA_USERDEF_PATH: '/etc/elastiflow/metadata/ipaddrs.yml'
      EF_PROCESSOR_ENRICH_IPADDR_METADATA_REFRESH_RATE: 15

Putting the client.as.organization.name under metadata does not change the PRIVATE value

Topic		Replies	Views
Netifs.yml is not adding metadata to my records ElastiFlow Community	4	40	November 6, 2025
Exclude host enrichment Network Flows flow-collector	4	142	June 23, 2024
CIDR syntax error for IP address enrichment ElastiFlow Community flow-collector	9	77	July 16, 2025
Specify domains in `/etc/elastiflow/app/ipport.yml` ElastiFlow Community	4	77	April 24, 2025
Show what private IP addresses are accessing what ElastiFlow Community	5	99	April 13, 2025

User metadata as field

Related topics