Describe the feature:
As a user that processes networking logs with Ingest Node, I would like to have an Ingest Node processor for populating the Elastic Common Schema (ECS) network.community_id field. At a high level this value is a hash of the source/destination addresses and protocol.
This is a useful field for correlating all events related to the same network flow regardless of the flow direction. For example, correlating Packetbeat events with other network log sources.
References
- network.community_id field
- community_id processor
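An added example, not code from this issue or from Elasticsearch: a sketch of the Community ID v1 computation for port-based flows, showing why both directions of a flow get the same value. It goes beyond the high-level description above by including the seed and ports that the published Community ID spec hashes alongside the addresses and protocol; the function names and sample events are constructed for illustration.

```python
import base64
import hashlib
import ipaddress
import struct

# IANA protocol numbers for the port-based transports this sketch covers.
PROTOCOLS = {"tcp": 6, "udp": 17, "sctp": 132}


def community_id_v1(src_ip, src_port, dst_ip, dst_port, transport, seed=0):
    """Return the Community ID v1 string for a TCP, UDP or SCTP flow."""
    proto = PROTOCOLS[transport.lower()]
    src = ipaddress.ip_address(src_ip).packed
    dst = ipaddress.ip_address(dst_ip).packed
    if len(src) != len(dst):
        raise ValueError("source and destination must be the same IP version")
    for port in (src_port, dst_port):
        if not 0 <= port <= 0xFFFF:
            raise ValueError(f"port out of range: {port}")

    # Canonical ordering: the numerically smaller (address, port) endpoint
    # goes first, so A->B and B->A hash the same bytes.
    if (src, src_port) > (dst, dst_port):
        src, dst = dst, src
        src_port, dst_port = dst_port, src_port

    # seed | addr | addr | proto | pad byte | port | port, all network order.
    data = (struct.pack("!H", seed) + src + dst
            + struct.pack("!BBHH", proto, 0, src_port, dst_port))
    digest = hashlib.sha1(data).digest()
    return "1:" + base64.b64encode(digest).decode("ascii")


# Constructed sample events: two log sources seeing one TCP flow from
# opposite directions, plus an unrelated UDP flow on the same endpoints.
SAMPLE_EVENTS = [
    {"source": "packetbeat", "src": ("10.0.0.5", 51544), "dst": ("192.0.2.10", 443), "transport": "tcp"},
    {"source": "firewall", "src": ("192.0.2.10", 443), "dst": ("10.0.0.5", 51544), "transport": "tcp"},
    {"source": "firewall", "src": ("10.0.0.5", 51544), "dst": ("192.0.2.10", 443), "transport": "udp"},
]


def correlate(events):
    """Group event sources by the community ID computed for each event."""
    groups = {}
    for e in events:
        cid = community_id_v1(*e["src"], *e["dst"], e["transport"])
        groups.setdefault(cid, []).append(e["source"])
    return groups
```

ICMP flows, which the spec maps to pseudo-ports by message type, are left out of this sketch.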