I am very new to messing with Elastic pipelines and I need help. I want to alert based on whether two fields in a log match. I am not sure the correct way to do this.
The logs are from a Cisco DUO integration. I want alerts if the auth device and the access device countries are different from one another.
Based on some posts, I tried to create a new field in the pipeline and use a SET to true based on a condition if `cisco_duo.auth.access_device.location.country == cisco_duo.auth.auth_device.location.country`. I was not able to get this to work so I am not sure if it is just my syntax or if I am on the wrong track altogether.
If I can get that to work, I could create an alert based on whether my new field is true or false.
I am open to taking a completely different route as well!
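One way to do what the post describes, written here as an added example and not taken from the post or from the Cisco Duo integration itself: an ingest pipeline body (sent with `PUT _ingest/pipeline/<name>`) that first defaults a flag to `false`, then flips it to `true` with a Painless `if` condition when both countries are present and differ. The flag name `cisco_duo.auth.location_mismatch` is an assumption; the two source fields are the ones named in the post.

```json
{
  "description": "Flag Duo auth events whose access device and auth device report different countries (added example, not integration code)",
  "processors": [
    {
      "set": {
        "field": "cisco_duo.auth.location_mismatch",
        "value": false,
        "description": "Default so the field exists on every event, which keeps the alert query simple"
      }
    },
    {
      "set": {
        "field": "cisco_duo.auth.location_mismatch",
        "value": true,
        "description": "Null-safe (?.) accesses avoid a pipeline failure when either location is missing; Painless != on strings compares values",
        "if": "ctx.cisco_duo?.auth?.access_device?.location?.country != null && ctx.cisco_duo?.auth?.auth_device?.location?.country != null && ctx.cisco_duo.auth.access_device.location.country != ctx.cisco_duo.auth.auth_device.location.country"
      }
    }
  ]
}
```

Test it against a sample document with `POST _ingest/pipeline/<name>/_simulate` before wiring it in; for a Fleet-managed integration the usual place to attach it is the data stream's `@custom` pipeline (here assumed to be `logs-cisco_duo.auth@custom`), after which a rule on `cisco_duo.auth.location_mismatch: true` gives the alert.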