
Commit 139db07

adding example for CIDR block in Data Prepper (#11203)
* adding example for CIDR block in Data Prepper
  Signed-off-by: Anton Rubin <[email protected]>
* adding example for CIDR block in Data Prepper
  Signed-off-by: Anton Rubin <[email protected]>
* Update _data-prepper/pipelines/cidrcontains.md
  Signed-off-by: kolchfa-aws <[email protected]>
* Update cidrcontains.md
  Signed-off-by: AntonEliatra <[email protected]>
* adding command to test the pipeline
  Signed-off-by: Anton Rubin <[email protected]>
* Update cidrcontains.md
  Signed-off-by: AntonEliatra <[email protected]>
* Update cidrcontains.md
  Signed-off-by: AntonEliatra <[email protected]>
* Update cidrcontains.md
  Signed-off-by: AntonEliatra <[email protected]>
* Update _data-prepper/pipelines/cidrcontains.md
  Signed-off-by: kolchfa-aws <[email protected]>

---------

Signed-off-by: Anton Rubin <[email protected]>
Signed-off-by: kolchfa-aws <[email protected]>
Signed-off-by: AntonEliatra <[email protected]>
Co-authored-by: kolchfa-aws <[email protected]>
(cherry picked from commit 05835f7)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 18fb8bb commit 139db07

1 file changed, +79 -0 lines changed

_data-prepper/pipelines/cidrcontains.md

Lines changed: 79 additions & 0 deletions
@@ -22,3 +22,82 @@ cidrContains('/client.ip', '192.168.0.0/16', '10.0.0.0/8')
2222
{% include copy.html %}
2323

2424
This function returns `true` if the IP address matches any of the specified CIDR blocks or `false` if it does not.
25+
26+
## Example
27+
28+
The following pipeline discards any documents that are not part of the specified CIDR blocks:
29+
30+
```yaml
31+
cidr-allowlist-pipeline:
32+
source:
33+
http:
34+
path: /events
35+
ssl: true
36+
sslKeyCertChainFile: certs/dp.crt
37+
sslKeyFile: certs/dp.key
38+
processor:
39+
- drop_events:
40+
# Drop events whose client IP is NOT in specific CIDR allowlist
41+
drop_when: 'not cidrContains(/client/ip, "10.0.0.0/8", "192.168.0.0/16", "fd00::/8")'
42+
sink:
43+
- opensearch:
44+
hosts: ["https://opensearch:9200"]
45+
insecure: true
46+
username: admin
47+
password: admin_pass
48+
index_type: custom
49+
index: logs-%{yyyy.MM.dd}
50+
```
51+
{% include copy.html %}
52+
53+
You can test this pipeline using the following command:
54+
55+
```bash
56+
curl -ksS -X POST "https://localhost:2021/events" \
57+
-H "Content-Type: application/json" \
58+
-d '[
59+
{"client":{"ip":"10.23.45.6"},"msg":"allowed 10/8"},
60+
{"client":{"ip":"8.8.8.8"},"msg":"should be dropped"},
61+
{"client":{"ip":"fd00::1234"},"msg":"allowed ULA IPv6"}
62+
]'
63+
```
64+
{% include copy.html %}
65+
66+
The documents stored in OpenSearch contain the following information:
67+
68+
```json
69+
{
70+
...
71+
"hits": {
72+
"total": {
73+
"value": 2,
74+
"relation": "eq"
75+
},
76+
"max_score": 1,
77+
"hits": [
78+
{
79+
"_index": "logs-2025.10.14",
80+
"_id": "Ng1i4pkBLPEKXekW48BU",
81+
"_score": 1,
82+
"_source": {
83+
"client": {
84+
"ip": "10.23.45.6"
85+
},
86+
"msg": "allowed 10/8"
87+
}
88+
},
89+
{
90+
"_index": "logs-2025.10.14",
91+
"_id": "Nw1i4pkBLPEKXekW48BU",
92+
"_score": 1,
93+
"_source": {
94+
"client": {
95+
"ip": "fd00::1234"
96+
},
97+
"msg": "allowed ULA IPv6"
98+
}
99+
}
100+
]
101+
}
102+
}
103+
```
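
Review bot: The `opensearch` sink in the YAML example sets `insecure: true` next to a literal `username: admin` / `password: admin_pass`, and the test command posts with `curl -ksS`, so a reader who copies the example has certificate verification switched off on both hops and a credential stored in the pipeline file. Suggest adding one sentence after the YAML block saying these settings are for local testing only, and replacing the password with an obvious placeholder. Two smaller points in the same hunk: the context line at the top uses `cidrContains('/client.ip', '192.168.0.0/16', '10.0.0.0/8')` with a quoted, dotted key and single-quoted CIDRs, while the new `drop_when` uses an unquoted `/client/ip` and double-quoted CIDRs, so the page should settle on one form or state that both are accepted. The intro sentence "discards any documents that are not part of the specified CIDR blocks" would be more precise as events whose `/client/ip` value is not in the listed blocks, and it should say what happens to an event that has no `/client/ip` field. Since `client.ip` comes from the request body in the test command, it is also worth stating that this filters on sender-supplied data and is not a control on who can reach the `/events` endpoint.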
