
Posted by User Bot


06 Feb, 2025

Updated at 07 Feb, 2025

How to alert if two fields match

I am very new to messing with Elastic pipelines and I need help. I want to alert based on whether two fields in a log match. I am not sure the correct way to do this.

The logs are from a Cisco DUO integration. I want alerts if the auth device and the access device countries are different from one another.

Based on some posts, I tried to create a new field in the pipeline and use a SET to true based on a condition if cisco_duo.auth.access_device.location.country == cisco_duo.auth.auth_device.location.country. I was not able to get this to work so I am not sure if it is just my syntax or if I am on the wrong track altogether.

If I can get that to work, I could create an alert based on whether my new field is true or false.

I am open to taking a completely different route as well!

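One way to build the flag described in the post, as an added example that is not part of the original post or of the Cisco Duo integration: a request body for `POST _ingest/pipeline/_simulate` with two conditional `set` processors and three test documents. The flag name `cisco_duo.auth.country_mismatch` and the sample documents are constructed, and the events are assumed to hold both country fields as nested objects.

```json
{
  "pipeline": {
    "description": "Added example. Flags Duo auth events whose access device and auth device countries differ. The field cisco_duo.auth.country_mismatch is an assumed name.",
    "processors": [
      {
        "set": {
          "description": "Both countries present and different: mismatch",
          "if": "ctx.cisco_duo?.auth?.access_device?.location?.country != null && ctx.cisco_duo?.auth?.auth_device?.location?.country != null && ctx.cisco_duo.auth.access_device.location.country != ctx.cisco_duo.auth.auth_device.location.country",
          "field": "cisco_duo.auth.country_mismatch",
          "value": true
        }
      },
      {
        "set": {
          "description": "Both countries present and equal: no mismatch",
          "if": "ctx.cisco_duo?.auth?.access_device?.location?.country != null && ctx.cisco_duo.auth.access_device.location.country == ctx.cisco_duo?.auth?.auth_device?.location?.country",
          "field": "cisco_duo.auth.country_mismatch",
          "value": false
        }
      }
    ]
  },
  "docs": [
    { "_source": { "cisco_duo": { "auth": {
      "access_device": { "location": { "country": "United States" } },
      "auth_device":   { "location": { "country": "United States" } }
    } } } },
    { "_source": { "cisco_duo": { "auth": {
      "access_device": { "location": { "country": "United States" } },
      "auth_device":   { "location": { "country": "Germany" } }
    } } } },
    { "_source": { "cisco_duo": { "auth": {
      "access_device": { "location": { "country": "United States" } }
    } } } }
  ]
}
```

The first document comes back with the flag set to `false`, the second with `true`, and the third without the flag, because a missing country is left unflagged rather than counted as a mismatch. An alert rule can then query `cisco_duo.auth.country_mismatch : true`.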