I managed to install MineMeld on-prem and am playing around with it now. As a first task I'd like to set up a domain feed delivering SpeedTest.net hosts from countries where we deployed Palo Alto firewalls.
Setting up the miner, a domain aggregator and an output worked, no problem there. We download the full hosts list from http://c.speedtest.net/speedtest-servers-static.php and pass it through to an output feed. However, I don't need all the 7k+ hosts mined. Only those with specific two-digit country codes, such as "CH" or "US". That information is also present in the mined XML file and I tried to fetch this information using "fields" in the input config (field 'countrycode'):
Now I want to filter for this 'countrycode' field in the output node and created a new prototype for this (condition #2):
- __method == 'withdraw'
name: accept withdraws
- countrycode == 'CH'
- share_level == 'green'
name: accept share level green
name: drop all
Result: 0 indicators in that output feed. Thanks for any hints on this. I'd like to avoid creating a miner for every country.
Implemented the following solution now. Filtering all the countries we need directly in the input node. However, it could be desirable to filter the output instead of input.
regex: cc="(CH|US|<some more countries>)".*host="(.*):8080"
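The regex from the solution above can be tried offline against sample lines before it goes into a miner. This is an added example, not part of the original post and not MineMeld code: the sample lines are constructed, the function names are hypothetical, and the stricter pattern with hostname validation is an assumption that goes beyond the posted regex.

```python
import re

# Constructed sample lines in the shape of the speedtest-servers XML (not real servers).
SAMPLE = '''\
<server url="http://st1.example.ch:8080/upload.php" name="Zurich" country="Switzerland" cc="CH" sponsor="Example AG" id="1001" host="st1.example.ch:8080" />
<server url="http://st2.example.com:8080/upload.php" name="New York" country="United States" cc="US" sponsor="Example Inc" id="1002" host="st2.example.com:8080" />
<server url="http://st3.example.de:8080/upload.php" name="Berlin" country="Germany" cc="DE" sponsor="Example GmbH" id="1003" host="st3.example.de:8080" />
<server url="http://st4.example.ch:5060/upload.php" name="Bern" country="Switzerland" cc="CH" sponsor="Example SA" id="1004" host="st4.example.ch:5060" />
<server url="http://st5.example.com:8080/upload.php" name="X" country="United States" cc="US" sponsor="Y" id="1005" host="bad host&lt;&gt;:8080" />
'''

# The regex as posted, with the country placeholder reduced to CH and US.
ORIGINAL = re.compile(r'cc="(CH|US)".*host="(.*):8080"')
# Syntactic check for a DNS name, applied before a value is emitted as an indicator.
HOSTNAME = re.compile(
    r'^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$', re.I)


def original_hosts(text):
    """Hosts captured by the posted regex, one match per line."""
    return [m.group(2) for line in text.splitlines() if (m := ORIGINAL.search(line))]


def build_pattern(countries, port=8080):
    """Same idea, but the host group cannot run past a quote or colon."""
    cc = "|".join(re.escape(c) for c in countries)
    port_re = r"\d{1,5}" if port is None else str(int(port))
    return re.compile(r'\bcc="(?P<cc>' + cc + r')".*?\bhost="(?P<host>[^":]+):' + port_re + '"')


def mine(text, countries, port=8080):
    """Return (country code, host) pairs; port=None accepts any port."""
    pattern = build_pattern(countries, port)
    found = []
    for line in text.splitlines():
        m = pattern.search(line)
        # Drop anything that is not shaped like a hostname.
        if m and HOSTNAME.match(m.group("host")):
            found.append((m.group("cc"), m.group("host").lower()))
    return found


if __name__ == "__main__":
    print(original_hosts(SAMPLE))
    print(mine(SAMPLE, ["CH", "US"]))
    print(mine(SAMPLE, ["CH", "US"], port=None))
```

Both patterns rely on `cc` appearing before `host` on the same line, and the `:8080` suffix silently skips servers listening on another port.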