Skip to content

Instantly share code, notes, and snippets.

@bgeels

bgeels/Example Large Logstash Config

Created December 15, 2017 16:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bgeels/77c26ffd1cd9f733780b986c969abfc8 to your computer and use it in GitHub Desktop.
Save bgeels/77c26ffd1cd9f733780b986c969abfc8 to your computer and use it in GitHub Desktop.
Download ZIP
example of a logstash configuration file with 1000 conditional statements
Raw
Example Large Logstash Config
input {
http {
host => "127.0.0.1" # default: 0.0.0.0
port => 8080
}
}
filter{
if [device] == 'device_0' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_0'
}
}
}
if [device] == 'device_1' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_1'
}
}
}
if [device] == 'device_2' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_2'
}
}
}
if [device] == 'device_3' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_3'
}
}
}
if [device] == 'device_4' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_4'
}
}
}
if [device] == 'device_5' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_5'
}
}
}
if [device] == 'device_6' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_6'
}
}
}
if [device] == 'device_7' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_7'
}
}
}
if [device] == 'device_8' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_8'
}
}
}
if [device] == 'device_9' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_9'
}
}
}
if [device] == 'device_10' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_10'
}
}
}
if [device] == 'device_11' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_11'
}
}
}
if [device] == 'device_12' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_12'
}
}
}
if [device] == 'device_13' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_13'
}
}
}
if [device] == 'device_14' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_14'
}
}
}
if [device] == 'device_15' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_15'
}
}
}
if [device] == 'device_16' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_16'
}
}
}
if [device] == 'device_17' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_17'
}
}
}
if [device] == 'device_18' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_18'
}
}
}
if [device] == 'device_19' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_19'
}
}
}
if [device] == 'device_20' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_20'
}
}
}
if [device] == 'device_21' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_21'
}
}
}
if [device] == 'device_22' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_22'
}
}
}
if [device] == 'device_23' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_23'
}
}
}
if [device] == 'device_24' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_24'
}
}
}
if [device] == 'device_25' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_25'
}
}
}
if [device] == 'device_26' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_26'
}
}
}
if [device] == 'device_27' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_27'
}
}
}
if [device] == 'device_28' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_28'
}
}
}
if [device] == 'device_29' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_29'
}
}
}
if [device] == 'device_30' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_30'
}
}
}
if [device] == 'device_31' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_31'
}
}
}
if [device] == 'device_32' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_32'
}
}
}
if [device] == 'device_33' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_33'
}
}
}
if [device] == 'device_34' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_34'
}
}
}
if [device] == 'device_35' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_35'
}
}
}
if [device] == 'device_36' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_36'
}
}
}
if [device] == 'device_37' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_37'
}
}
}
if [device] == 'device_38' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_38'
}
}
}
if [device] == 'device_39' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_39'
}
}
}
if [device] == 'device_40' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_40'
}
}
}
if [device] == 'device_41' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_41'
}
}
}
if [device] == 'device_42' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_42'
}
}
}
if [device] == 'device_43' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_43'
}
}
}
if [device] == 'device_44' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_44'
}
}
}
if [device] == 'device_45' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_45'
}
}
}
if [device] == 'device_46' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_46'
}
}
}
if [device] == 'device_47' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_47'
}
}
}
if [device] == 'device_48' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_48'
}
}
}
if [device] == 'device_49' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_49'
}
}
}
if [device] == 'device_50' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_50'
}
}
}
if [device] == 'device_51' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_51'
}
}
}
if [device] == 'device_52' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_52'
}
}
}
if [device] == 'device_53' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_53'
}
}
}
if [device] == 'device_54' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_54'
}
}
}
if [device] == 'device_55' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_55'
}
}
}
if [device] == 'device_56' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_56'
}
}
}
if [device] == 'device_57' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_57'
}
}
}
if [device] == 'device_58' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_58'
}
}
}
if [device] == 'device_59' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_59'
}
}
}
if [device] == 'device_60' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_60'
}
}
}
if [device] == 'device_61' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_61'
}
}
}
if [device] == 'device_62' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_62'
}
}
}
if [device] == 'device_63' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_63'
}
}
}
if [device] == 'device_64' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_64'
}
}
}
if [device] == 'device_65' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_65'
}
}
}
if [device] == 'device_66' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_66'
}
}
}
if [device] == 'device_67' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_67'
}
}
}
if [device] == 'device_68' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_68'
}
}
}
if [device] == 'device_69' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_69'
}
}
}
if [device] == 'device_70' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_70'
}
}
}
if [device] == 'device_71' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_71'
}
}
}
if [device] == 'device_72' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_72'
}
}
}
if [device] == 'device_73' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_73'
}
}
}
if [device] == 'device_74' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_74'
}
}
}
if [device] == 'device_75' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_75'
}
}
}
if [device] == 'device_76' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_76'
}
}
}
if [device] == 'device_77' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_77'
}
}
}
if [device] == 'device_78' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_78'
}
}
}
if [device] == 'device_79' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_79'
}
}
}
if [device] == 'device_80' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_80'
}
}
}
if [device] == 'device_81' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_81'
}
}
}
if [device] == 'device_82' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_82'
}
}
}
if [device] == 'device_83' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_83'
}
}
}
if [device] == 'device_84' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_84'
}
}
}
if [device] == 'device_85' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_85'
}
}
}
if [device] == 'device_86' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_86'
}
}
}
if [device] == 'device_87' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_87'
}
}
}
if [device] == 'device_88' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_88'
}
}
}
if [device] == 'device_89' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_89'
}
}
}
if [device] == 'device_90' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_90'
}
}
}
if [device] == 'device_91' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_91'
}
}
}
if [device] == 'device_92' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_92'
}
}
}
if [device] == 'device_93' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_93'
}
}
}
if [device] == 'device_94' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_94'
}
}
}
if [device] == 'device_95' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_95'
}
}
}
if [device] == 'device_96' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_96'
}
}
}
if [device] == 'device_97' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_97'
}
}
}
if [device] == 'device_98' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_98'
}
}
}
if [device] == 'device_99' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_99'
}
}
}
if [device] == 'device_100' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_100'
}
}
}
if [device] == 'device_101' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_101'
}
}
}
if [device] == 'device_102' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_102'
}
}
}
if [device] == 'device_103' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_103'
}
}
}
if [device] == 'device_104' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_104'
}
}
}
if [device] == 'device_105' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_105'
}
}
}
if [device] == 'device_106' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_106'
}
}
}
if [device] == 'device_107' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_107'
}
}
}
if [device] == 'device_108' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_108'
}
}
}
if [device] == 'device_109' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_109'
}
}
}
if [device] == 'device_110' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_110'
}
}
}
if [device] == 'device_111' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_111'
}
}
}
if [device] == 'device_112' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_112'
}
}
}
if [device] == 'device_113' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_113'
}
}
}
if [device] == 'device_114' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_114'
}
}
}
if [device] == 'device_115' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_115'
}
}
}
if [device] == 'device_116' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_116'
}
}
}
if [device] == 'device_117' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_117'
}
}
}
if [device] == 'device_118' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_118'
}
}
}
if [device] == 'device_119' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_119'
}
}
}
if [device] == 'device_120' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_120'
}
}
}
if [device] == 'device_121' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_121'
}
}
}
if [device] == 'device_122' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_122'
}
}
}
if [device] == 'device_123' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_123'
}
}
}
if [device] == 'device_124' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_124'
}
}
}
if [device] == 'device_125' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_125'
}
}
}
if [device] == 'device_126' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_126'
}
}
}
if [device] == 'device_127' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_127'
}
}
}
if [device] == 'device_128' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_128'
}
}
}
if [device] == 'device_129' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_129'
}
}
}
if [device] == 'device_130' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_130'
}
}
}
if [device] == 'device_131' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_131'
}
}
}
if [device] == 'device_132' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_132'
}
}
}
if [device] == 'device_133' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_133'
}
}
}
if [device] == 'device_134' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_134'
}
}
}
if [device] == 'device_135' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_135'
}
}
}
if [device] == 'device_136' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_136'
}
}
}
if [device] == 'device_137' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_137'
}
}
}
if [device] == 'device_138' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_138'
}
}
}
if [device] == 'device_139' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_139'
}
}
}
if [device] == 'device_140' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_140'
}
}
}
if [device] == 'device_141' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_141'
}
}
}
if [device] == 'device_142' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_142'
}
}
}
if [device] == 'device_143' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_143'
}
}
}
if [device] == 'device_144' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_144'
}
}
}
if [device] == 'device_145' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_145'
}
}
}
if [device] == 'device_146' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_146'
}
}
}
if [device] == 'device_147' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_147'
}
}
}
if [device] == 'device_148' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_148'
}
}
}
if [device] == 'device_149' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_149'
}
}
}
if [device] == 'device_150' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_150'
}
}
}
if [device] == 'device_151' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_151'
}
}
}
if [device] == 'device_152' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_152'
}
}
}
if [device] == 'device_153' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_153'
}
}
}
if [device] == 'device_154' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_154'
}
}
}
if [device] == 'device_155' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_155'
}
}
}
if [device] == 'device_156' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_156'
}
}
}
if [device] == 'device_157' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_157'
}
}
}
if [device] == 'device_158' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_158'
}
}
}
if [device] == 'device_159' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_159'
}
}
}
if [device] == 'device_160' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_160'
}
}
}
if [device] == 'device_161' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_161'
}
}
}
if [device] == 'device_162' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_162'
}
}
}
if [device] == 'device_163' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_163'
}
}
}
if [device] == 'device_164' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_164'
}
}
}
if [device] == 'device_165' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_165'
}
}
}
if [device] == 'device_166' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_166'
}
}
}
if [device] == 'device_167' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_167'
}
}
}
if [device] == 'device_168' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_168'
}
}
}
if [device] == 'device_169' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_169'
}
}
}
if [device] == 'device_170' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_170'
}
}
}
if [device] == 'device_171' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_171'
}
}
}
if [device] == 'device_172' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_172'
}
}
}
if [device] == 'device_173' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_173'
}
}
}
if [device] == 'device_174' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_174'
}
}
}
if [device] == 'device_175' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_175'
}
}
}
if [device] == 'device_176' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_176'
}
}
}
if [device] == 'device_177' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_177'
}
}
}
if [device] == 'device_178' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_178'
}
}
}
if [device] == 'device_179' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_179'
}
}
}
if [device] == 'device_180' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_180'
}
}
}
if [device] == 'device_181' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_181'
}
}
}
if [device] == 'device_182' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_182'
}
}
}
if [device] == 'device_183' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_183'
}
}
}
if [device] == 'device_184' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_184'
}
}
}
if [device] == 'device_185' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_185'
}
}
}
if [device] == 'device_186' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_186'
}
}
}
if [device] == 'device_187' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_187'
}
}
}
if [device] == 'device_188' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_188'
}
}
}
if [device] == 'device_189' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_189'
}
}
}
if [device] == 'device_190' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_190'
}
}
}
if [device] == 'device_191' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_191'
}
}
}
if [device] == 'device_192' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_192'
}
}
}
if [device] == 'device_193' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_193'
}
}
}
if [device] == 'device_194' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_194'
}
}
}
if [device] == 'device_195' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_195'
}
}
}
if [device] == 'device_196' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_196'
}
}
}
if [device] == 'device_197' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_197'
}
}
}
if [device] == 'device_198' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_198'
}
}
}
if [device] == 'device_199' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_199'
}
}
}
if [device] == 'device_200' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_200'
}
}
}
if [device] == 'device_201' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_201'
}
}
}
if [device] == 'device_202' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_202'
}
}
}
if [device] == 'device_203' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_203'
}
}
}
if [device] == 'device_204' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_204'
}
}
}
if [device] == 'device_205' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_205'
}
}
}
if [device] == 'device_206' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_206'
}
}
}
if [device] == 'device_207' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_207'
}
}
}
if [device] == 'device_208' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_208'
}
}
}
if [device] == 'device_209' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_209'
}
}
}
if [device] == 'device_210' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_210'
}
}
}
if [device] == 'device_211' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_211'
}
}
}
if [device] == 'device_212' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_212'
}
}
}
if [device] == 'device_213' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_213'
}
}
}
if [device] == 'device_214' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_214'
}
}
}
if [device] == 'device_215' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_215'
}
}
}
if [device] == 'device_216' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_216'
}
}
}
if [device] == 'device_217' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_217'
}
}
}
if [device] == 'device_218' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_218'
}
}
}
if [device] == 'device_219' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_219'
}
}
}
if [device] == 'device_220' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_220'
}
}
}
if [device] == 'device_221' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_221'
}
}
}
if [device] == 'device_222' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_222'
}
}
}
if [device] == 'device_223' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_223'
}
}
}
if [device] == 'device_224' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_224'
}
}
}
if [device] == 'device_225' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_225'
}
}
}
if [device] == 'device_226' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_226'
}
}
}
if [device] == 'device_227' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_227'
}
}
}
if [device] == 'device_228' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_228'
}
}
}
if [device] == 'device_229' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_229'
}
}
}
if [device] == 'device_230' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_230'
}
}
}
if [device] == 'device_231' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_231'
}
}
}
if [device] == 'device_232' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_232'
}
}
}
if [device] == 'device_233' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_233'
}
}
}
if [device] == 'device_234' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_234'
}
}
}
if [device] == 'device_235' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_235'
}
}
}
if [device] == 'device_236' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_236'
}
}
}
if [device] == 'device_237' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_237'
}
}
}
if [device] == 'device_238' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_238'
}
}
}
if [device] == 'device_239' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_239'
}
}
}
if [device] == 'device_240' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_240'
}
}
}
if [device] == 'device_241' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_241'
}
}
}
if [device] == 'device_242' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_242'
}
}
}
if [device] == 'device_243' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_243'
}
}
}
if [device] == 'device_244' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_244'
}
}
}
if [device] == 'device_245' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_245'
}
}
}
if [device] == 'device_246' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_246'
}
}
}
if [device] == 'device_247' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_247'
}
}
}
if [device] == 'device_248' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_248'
}
}
}
if [device] == 'device_249' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_249'
}
}
}
if [device] == 'device_250' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_250'
}
}
}
if [device] == 'device_251' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_251'
}
}
}
if [device] == 'device_252' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_252'
}
}
}
if [device] == 'device_253' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_253'
}
}
}
if [device] == 'device_254' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_254'
}
}
}
if [device] == 'device_255' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_255'
}
}
}
if [device] == 'device_256' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_256'
}
}
}
if [device] == 'device_257' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_257'
}
}
}
if [device] == 'device_258' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_258'
}
}
}
if [device] == 'device_259' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_259'
}
}
}
if [device] == 'device_260' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_260'
}
}
}
if [device] == 'device_261' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_261'
}
}
}
if [device] == 'device_262' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_262'
}
}
}
if [device] == 'device_263' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_263'
}
}
}
if [device] == 'device_264' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_264'
}
}
}
if [device] == 'device_265' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_265'
}
}
}
if [device] == 'device_266' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_266'
}
}
}
if [device] == 'device_267' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_267'
}
}
}
if [device] == 'device_268' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_268'
}
}
}
if [device] == 'device_269' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_269'
}
}
}
if [device] == 'device_270' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_270'
}
}
}
if [device] == 'device_271' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_271'
}
}
}
if [device] == 'device_272' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_272'
}
}
}
if [device] == 'device_273' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_273'
}
}
}
if [device] == 'device_274' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_274'
}
}
}
if [device] == 'device_275' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_275'
}
}
}
if [device] == 'device_276' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_276'
}
}
}
if [device] == 'device_277' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_277'
}
}
}
if [device] == 'device_278' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_278'
}
}
}
if [device] == 'device_279' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_279'
}
}
}
if [device] == 'device_280' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_280'
}
}
}
if [device] == 'device_281' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_281'
}
}
}
if [device] == 'device_282' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_282'
}
}
}
if [device] == 'device_283' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_283'
}
}
}
if [device] == 'device_284' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_284'
}
}
}
if [device] == 'device_285' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_285'
}
}
}
if [device] == 'device_286' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_286'
}
}
}
if [device] == 'device_287' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_287'
}
}
}
if [device] == 'device_288' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_288'
}
}
}
if [device] == 'device_289' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_289'
}
}
}
if [device] == 'device_290' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_290'
}
}
}
if [device] == 'device_291' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_291'
}
}
}
if [device] == 'device_292' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_292'
}
}
}
if [device] == 'device_293' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_293'
}
}
}
if [device] == 'device_294' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_294'
}
}
}
if [device] == 'device_295' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_295'
}
}
}
if [device] == 'device_296' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_296'
}
}
}
if [device] == 'device_297' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_297'
}
}
}
if [device] == 'device_298' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_298'
}
}
}
if [device] == 'device_299' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_299'
}
}
}
if [device] == 'device_300' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_300'
}
}
}
if [device] == 'device_301' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_301'
}
}
}
if [device] == 'device_302' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_302'
}
}
}
if [device] == 'device_303' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_303'
}
}
}
if [device] == 'device_304' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_304'
}
}
}
if [device] == 'device_305' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_305'
}
}
}
if [device] == 'device_306' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_306'
}
}
}
if [device] == 'device_307' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_307'
}
}
}
if [device] == 'device_308' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_308'
}
}
}
if [device] == 'device_309' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_309'
}
}
}
if [device] == 'device_310' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_310'
}
}
}
if [device] == 'device_311' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_311'
}
}
}
if [device] == 'device_312' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_312'
}
}
}
if [device] == 'device_313' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_313'
}
}
}
if [device] == 'device_314' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_314'
}
}
}
if [device] == 'device_315' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_315'
}
}
}
if [device] == 'device_316' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_316'
}
}
}
if [device] == 'device_317' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_317'
}
}
}
if [device] == 'device_318' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_318'
}
}
}
if [device] == 'device_319' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_319'
}
}
}
if [device] == 'device_320' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_320'
}
}
}
if [device] == 'device_321' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_321'
}
}
}
if [device] == 'device_322' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_322'
}
}
}
if [device] == 'device_323' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_323'
}
}
}
if [device] == 'device_324' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_324'
}
}
}
if [device] == 'device_325' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_325'
}
}
}
if [device] == 'device_326' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_326'
}
}
}
if [device] == 'device_327' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_327'
}
}
}
if [device] == 'device_328' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_328'
}
}
}
if [device] == 'device_329' and [network] == 'network_b' {
mutate {
update => {
'rule_matched' => 'rule_329'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_330' {
mutate {
update => {
'rule_matched' => 'rule_330'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_331' {
mutate {
update => {
'rule_matched' => 'rule_331'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_332' {
mutate {
update => {
'rule_matched' => 'rule_332'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_333' {
mutate {
update => {
'rule_matched' => 'rule_333'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_334' {
mutate {
update => {
'rule_matched' => 'rule_334'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_335' {
mutate {
update => {
'rule_matched' => 'rule_335'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_336' {
mutate {
update => {
'rule_matched' => 'rule_336'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_337' {
mutate {
update => {
'rule_matched' => 'rule_337'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_338' {
mutate {
update => {
'rule_matched' => 'rule_338'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_339' {
mutate {
update => {
'rule_matched' => 'rule_339'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_340' {
mutate {
update => {
'rule_matched' => 'rule_340'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_341' {
mutate {
update => {
'rule_matched' => 'rule_341'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_342' {
mutate {
update => {
'rule_matched' => 'rule_342'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_343' {
mutate {
update => {
'rule_matched' => 'rule_343'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_344' {
mutate {
update => {
'rule_matched' => 'rule_344'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_345' {
mutate {
update => {
'rule_matched' => 'rule_345'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_346' {
mutate {
update => {
'rule_matched' => 'rule_346'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_347' {
mutate {
update => {
'rule_matched' => 'rule_347'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_348' {
mutate {
update => {
'rule_matched' => 'rule_348'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_349' {
mutate {
update => {
'rule_matched' => 'rule_349'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_350' {
mutate {
update => {
'rule_matched' => 'rule_350'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_351' {
mutate {
update => {
'rule_matched' => 'rule_351'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_352' {
mutate {
update => {
'rule_matched' => 'rule_352'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_353' {
mutate {
update => {
'rule_matched' => 'rule_353'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_354' {
mutate {
update => {
'rule_matched' => 'rule_354'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_355' {
mutate {
update => {
'rule_matched' => 'rule_355'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_356' {
mutate {
update => {
'rule_matched' => 'rule_356'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_357' {
mutate {
update => {
'rule_matched' => 'rule_357'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_358' {
mutate {
update => {
'rule_matched' => 'rule_358'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_359' {
mutate {
update => {
'rule_matched' => 'rule_359'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_360' {
mutate {
update => {
'rule_matched' => 'rule_360'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_361' {
mutate {
update => {
'rule_matched' => 'rule_361'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_362' {
mutate {
update => {
'rule_matched' => 'rule_362'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_363' {
mutate {
update => {
'rule_matched' => 'rule_363'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_364' {
mutate {
update => {
'rule_matched' => 'rule_364'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_365' {
mutate {
update => {
'rule_matched' => 'rule_365'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_366' {
mutate {
update => {
'rule_matched' => 'rule_366'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_367' {
mutate {
update => {
'rule_matched' => 'rule_367'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_368' {
mutate {
update => {
'rule_matched' => 'rule_368'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_369' {
mutate {
update => {
'rule_matched' => 'rule_369'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_370' {
mutate {
update => {
'rule_matched' => 'rule_370'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_371' {
mutate {
update => {
'rule_matched' => 'rule_371'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_372' {
mutate {
update => {
'rule_matched' => 'rule_372'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_373' {
mutate {
update => {
'rule_matched' => 'rule_373'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_374' {
mutate {
update => {
'rule_matched' => 'rule_374'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_375' {
mutate {
update => {
'rule_matched' => 'rule_375'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_376' {
mutate {
update => {
'rule_matched' => 'rule_376'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_377' {
mutate {
update => {
'rule_matched' => 'rule_377'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_378' {
mutate {
update => {
'rule_matched' => 'rule_378'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_379' {
mutate {
update => {
'rule_matched' => 'rule_379'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_380' {
mutate {
update => {
'rule_matched' => 'rule_380'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_381' {
mutate {
update => {
'rule_matched' => 'rule_381'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_382' {
mutate {
update => {
'rule_matched' => 'rule_382'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_383' {
mutate {
update => {
'rule_matched' => 'rule_383'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_384' {
mutate {
update => {
'rule_matched' => 'rule_384'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_385' {
mutate {
update => {
'rule_matched' => 'rule_385'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_386' {
mutate {
update => {
'rule_matched' => 'rule_386'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_387' {
mutate {
update => {
'rule_matched' => 'rule_387'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_388' {
mutate {
update => {
'rule_matched' => 'rule_388'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_389' {
mutate {
update => {
'rule_matched' => 'rule_389'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_390' {
mutate {
update => {
'rule_matched' => 'rule_390'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_391' {
mutate {
update => {
'rule_matched' => 'rule_391'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_392' {
mutate {
update => {
'rule_matched' => 'rule_392'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_393' {
mutate {
update => {
'rule_matched' => 'rule_393'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_394' {
mutate {
update => {
'rule_matched' => 'rule_394'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_395' {
mutate {
update => {
'rule_matched' => 'rule_395'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_396' {
mutate {
update => {
'rule_matched' => 'rule_396'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_397' {
mutate {
update => {
'rule_matched' => 'rule_397'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_398' {
mutate {
update => {
'rule_matched' => 'rule_398'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_399' {
mutate {
update => {
'rule_matched' => 'rule_399'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_400' {
mutate {
update => {
'rule_matched' => 'rule_400'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_401' {
mutate {
update => {
'rule_matched' => 'rule_401'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_402' {
mutate {
update => {
'rule_matched' => 'rule_402'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_403' {
mutate {
update => {
'rule_matched' => 'rule_403'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_404' {
mutate {
update => {
'rule_matched' => 'rule_404'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_405' {
mutate {
update => {
'rule_matched' => 'rule_405'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_406' {
mutate {
update => {
'rule_matched' => 'rule_406'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_407' {
mutate {
update => {
'rule_matched' => 'rule_407'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_408' {
mutate {
update => {
'rule_matched' => 'rule_408'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_409' {
mutate {
update => {
'rule_matched' => 'rule_409'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_410' {
mutate {
update => {
'rule_matched' => 'rule_410'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_411' {
mutate {
update => {
'rule_matched' => 'rule_411'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_412' {
mutate {
update => {
'rule_matched' => 'rule_412'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_413' {
mutate {
update => {
'rule_matched' => 'rule_413'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_414' {
mutate {
update => {
'rule_matched' => 'rule_414'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_415' {
mutate {
update => {
'rule_matched' => 'rule_415'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_416' {
mutate {
update => {
'rule_matched' => 'rule_416'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_417' {
mutate {
update => {
'rule_matched' => 'rule_417'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_418' {
mutate {
update => {
'rule_matched' => 'rule_418'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_419' {
mutate {
update => {
'rule_matched' => 'rule_419'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_420' {
mutate {
update => {
'rule_matched' => 'rule_420'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_421' {
mutate {
update => {
'rule_matched' => 'rule_421'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_422' {
mutate {
update => {
'rule_matched' => 'rule_422'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_423' {
mutate {
update => {
'rule_matched' => 'rule_423'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_424' {
mutate {
update => {
'rule_matched' => 'rule_424'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_425' {
mutate {
update => {
'rule_matched' => 'rule_425'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_426' {
mutate {
update => {
'rule_matched' => 'rule_426'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_427' {
mutate {
update => {
'rule_matched' => 'rule_427'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_428' {
mutate {
update => {
'rule_matched' => 'rule_428'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_429' {
mutate {
update => {
'rule_matched' => 'rule_429'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_430' {
mutate {
update => {
'rule_matched' => 'rule_430'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_431' {
mutate {
update => {
'rule_matched' => 'rule_431'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_432' {
mutate {
update => {
'rule_matched' => 'rule_432'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_433' {
mutate {
update => {
'rule_matched' => 'rule_433'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_434' {
mutate {
update => {
'rule_matched' => 'rule_434'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_435' {
mutate {
update => {
'rule_matched' => 'rule_435'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_436' {
mutate {
update => {
'rule_matched' => 'rule_436'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_437' {
mutate {
update => {
'rule_matched' => 'rule_437'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_438' {
mutate {
update => {
'rule_matched' => 'rule_438'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_439' {
mutate {
update => {
'rule_matched' => 'rule_439'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_440' {
mutate {
update => {
'rule_matched' => 'rule_440'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_441' {
mutate {
update => {
'rule_matched' => 'rule_441'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_442' {
mutate {
update => {
'rule_matched' => 'rule_442'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_443' {
mutate {
update => {
'rule_matched' => 'rule_443'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_444' {
mutate {
update => {
'rule_matched' => 'rule_444'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_445' {
mutate {
update => {
'rule_matched' => 'rule_445'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_446' {
mutate {
update => {
'rule_matched' => 'rule_446'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_447' {
mutate {
update => {
'rule_matched' => 'rule_447'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_448' {
mutate {
update => {
'rule_matched' => 'rule_448'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_449' {
mutate {
update => {
'rule_matched' => 'rule_449'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_450' {
mutate {
update => {
'rule_matched' => 'rule_450'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_451' {
mutate {
update => {
'rule_matched' => 'rule_451'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_452' {
mutate {
update => {
'rule_matched' => 'rule_452'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_453' {
mutate {
update => {
'rule_matched' => 'rule_453'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_454' {
mutate {
update => {
'rule_matched' => 'rule_454'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_455' {
mutate {
update => {
'rule_matched' => 'rule_455'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_456' {
mutate {
update => {
'rule_matched' => 'rule_456'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_457' {
mutate {
update => {
'rule_matched' => 'rule_457'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_458' {
mutate {
update => {
'rule_matched' => 'rule_458'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_459' {
mutate {
update => {
'rule_matched' => 'rule_459'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_460' {
mutate {
update => {
'rule_matched' => 'rule_460'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_461' {
mutate {
update => {
'rule_matched' => 'rule_461'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_462' {
mutate {
update => {
'rule_matched' => 'rule_462'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_463' {
mutate {
update => {
'rule_matched' => 'rule_463'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_464' {
mutate {
update => {
'rule_matched' => 'rule_464'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_465' {
mutate {
update => {
'rule_matched' => 'rule_465'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_466' {
mutate {
update => {
'rule_matched' => 'rule_466'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_467' {
mutate {
update => {
'rule_matched' => 'rule_467'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_468' {
mutate {
update => {
'rule_matched' => 'rule_468'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_469' {
mutate {
update => {
'rule_matched' => 'rule_469'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_470' {
mutate {
update => {
'rule_matched' => 'rule_470'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_471' {
mutate {
update => {
'rule_matched' => 'rule_471'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_472' {
mutate {
update => {
'rule_matched' => 'rule_472'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_473' {
mutate {
update => {
'rule_matched' => 'rule_473'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_474' {
mutate {
update => {
'rule_matched' => 'rule_474'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_475' {
mutate {
update => {
'rule_matched' => 'rule_475'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_476' {
mutate {
update => {
'rule_matched' => 'rule_476'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_477' {
mutate {
update => {
'rule_matched' => 'rule_477'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_478' {
mutate {
update => {
'rule_matched' => 'rule_478'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_479' {
mutate {
update => {
'rule_matched' => 'rule_479'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_480' {
mutate {
update => {
'rule_matched' => 'rule_480'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_481' {
mutate {
update => {
'rule_matched' => 'rule_481'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_482' {
mutate {
update => {
'rule_matched' => 'rule_482'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_483' {
mutate {
update => {
'rule_matched' => 'rule_483'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_484' {
mutate {
update => {
'rule_matched' => 'rule_484'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_485' {
mutate {
update => {
'rule_matched' => 'rule_485'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_486' {
mutate {
update => {
'rule_matched' => 'rule_486'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_487' {
mutate {
update => {
'rule_matched' => 'rule_487'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_488' {
mutate {
update => {
'rule_matched' => 'rule_488'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_489' {
mutate {
update => {
'rule_matched' => 'rule_489'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_490' {
mutate {
update => {
'rule_matched' => 'rule_490'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_491' {
mutate {
update => {
'rule_matched' => 'rule_491'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_492' {
mutate {
update => {
'rule_matched' => 'rule_492'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_493' {
mutate {
update => {
'rule_matched' => 'rule_493'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_494' {
mutate {
update => {
'rule_matched' => 'rule_494'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_495' {
mutate {
update => {
'rule_matched' => 'rule_495'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_496' {
mutate {
update => {
'rule_matched' => 'rule_496'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_497' {
mutate {
update => {
'rule_matched' => 'rule_497'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_498' {
mutate {
update => {
'rule_matched' => 'rule_498'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_499' {
mutate {
update => {
'rule_matched' => 'rule_499'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_500' {
mutate {
update => {
'rule_matched' => 'rule_500'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_501' {
mutate {
update => {
'rule_matched' => 'rule_501'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_502' {
mutate {
update => {
'rule_matched' => 'rule_502'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_503' {
mutate {
update => {
'rule_matched' => 'rule_503'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_504' {
mutate {
update => {
'rule_matched' => 'rule_504'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_505' {
mutate {
update => {
'rule_matched' => 'rule_505'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_506' {
mutate {
update => {
'rule_matched' => 'rule_506'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_507' {
mutate {
update => {
'rule_matched' => 'rule_507'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_508' {
mutate {
update => {
'rule_matched' => 'rule_508'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_509' {
mutate {
update => {
'rule_matched' => 'rule_509'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_510' {
mutate {
update => {
'rule_matched' => 'rule_510'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_511' {
mutate {
update => {
'rule_matched' => 'rule_511'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_512' {
mutate {
update => {
'rule_matched' => 'rule_512'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_513' {
mutate {
update => {
'rule_matched' => 'rule_513'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_514' {
mutate {
update => {
'rule_matched' => 'rule_514'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_515' {
mutate {
update => {
'rule_matched' => 'rule_515'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_516' {
mutate {
update => {
'rule_matched' => 'rule_516'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_517' {
mutate {
update => {
'rule_matched' => 'rule_517'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_518' {
mutate {
update => {
'rule_matched' => 'rule_518'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_519' {
mutate {
update => {
'rule_matched' => 'rule_519'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_520' {
mutate {
update => {
'rule_matched' => 'rule_520'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_521' {
mutate {
update => {
'rule_matched' => 'rule_521'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_522' {
mutate {
update => {
'rule_matched' => 'rule_522'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_523' {
mutate {
update => {
'rule_matched' => 'rule_523'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_524' {
mutate {
update => {
'rule_matched' => 'rule_524'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_525' {
mutate {
update => {
'rule_matched' => 'rule_525'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_526' {
mutate {
update => {
'rule_matched' => 'rule_526'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_527' {
mutate {
update => {
'rule_matched' => 'rule_527'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_528' {
mutate {
update => {
'rule_matched' => 'rule_528'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_529' {
mutate {
update => {
'rule_matched' => 'rule_529'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_530' {
mutate {
update => {
'rule_matched' => 'rule_530'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_531' {
mutate {
update => {
'rule_matched' => 'rule_531'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_532' {
mutate {
update => {
'rule_matched' => 'rule_532'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_533' {
mutate {
update => {
'rule_matched' => 'rule_533'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_534' {
mutate {
update => {
'rule_matched' => 'rule_534'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_535' {
mutate {
update => {
'rule_matched' => 'rule_535'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_536' {
mutate {
update => {
'rule_matched' => 'rule_536'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_537' {
mutate {
update => {
'rule_matched' => 'rule_537'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_538' {
mutate {
update => {
'rule_matched' => 'rule_538'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_539' {
mutate {
update => {
'rule_matched' => 'rule_539'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_540' {
mutate {
update => {
'rule_matched' => 'rule_540'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_541' {
mutate {
update => {
'rule_matched' => 'rule_541'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_542' {
mutate {
update => {
'rule_matched' => 'rule_542'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_543' {
mutate {
update => {
'rule_matched' => 'rule_543'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_544' {
mutate {
update => {
'rule_matched' => 'rule_544'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_545' {
mutate {
update => {
'rule_matched' => 'rule_545'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_546' {
mutate {
update => {
'rule_matched' => 'rule_546'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_547' {
mutate {
update => {
'rule_matched' => 'rule_547'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_548' {
mutate {
update => {
'rule_matched' => 'rule_548'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_549' {
mutate {
update => {
'rule_matched' => 'rule_549'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_550' {
mutate {
update => {
'rule_matched' => 'rule_550'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_551' {
mutate {
update => {
'rule_matched' => 'rule_551'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_552' {
mutate {
update => {
'rule_matched' => 'rule_552'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_553' {
mutate {
update => {
'rule_matched' => 'rule_553'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_554' {
mutate {
update => {
'rule_matched' => 'rule_554'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_555' {
mutate {
update => {
'rule_matched' => 'rule_555'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_556' {
mutate {
update => {
'rule_matched' => 'rule_556'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_557' {
mutate {
update => {
'rule_matched' => 'rule_557'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_558' {
mutate {
update => {
'rule_matched' => 'rule_558'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_559' {
mutate {
update => {
'rule_matched' => 'rule_559'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_560' {
mutate {
update => {
'rule_matched' => 'rule_560'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_561' {
mutate {
update => {
'rule_matched' => 'rule_561'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_562' {
mutate {
update => {
'rule_matched' => 'rule_562'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_563' {
mutate {
update => {
'rule_matched' => 'rule_563'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_564' {
mutate {
update => {
'rule_matched' => 'rule_564'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_565' {
mutate {
update => {
'rule_matched' => 'rule_565'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_566' {
mutate {
update => {
'rule_matched' => 'rule_566'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_567' {
mutate {
update => {
'rule_matched' => 'rule_567'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_568' {
mutate {
update => {
'rule_matched' => 'rule_568'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_569' {
mutate {
update => {
'rule_matched' => 'rule_569'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_570' {
mutate {
update => {
'rule_matched' => 'rule_570'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_571' {
mutate {
update => {
'rule_matched' => 'rule_571'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_572' {
mutate {
update => {
'rule_matched' => 'rule_572'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_573' {
mutate {
update => {
'rule_matched' => 'rule_573'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_574' {
mutate {
update => {
'rule_matched' => 'rule_574'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_575' {
mutate {
update => {
'rule_matched' => 'rule_575'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_576' {
mutate {
update => {
'rule_matched' => 'rule_576'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_577' {
mutate {
update => {
'rule_matched' => 'rule_577'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_578' {
mutate {
update => {
'rule_matched' => 'rule_578'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_579' {
mutate {
update => {
'rule_matched' => 'rule_579'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_580' {
mutate {
update => {
'rule_matched' => 'rule_580'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_581' {
mutate {
update => {
'rule_matched' => 'rule_581'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_582' {
mutate {
update => {
'rule_matched' => 'rule_582'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_583' {
mutate {
update => {
'rule_matched' => 'rule_583'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_584' {
mutate {
update => {
'rule_matched' => 'rule_584'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_585' {
mutate {
update => {
'rule_matched' => 'rule_585'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_586' {
mutate {
update => {
'rule_matched' => 'rule_586'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_587' {
mutate {
update => {
'rule_matched' => 'rule_587'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_588' {
mutate {
update => {
'rule_matched' => 'rule_588'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_589' {
mutate {
update => {
'rule_matched' => 'rule_589'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_590' {
mutate {
update => {
'rule_matched' => 'rule_590'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_591' {
mutate {
update => {
'rule_matched' => 'rule_591'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_592' {
mutate {
update => {
'rule_matched' => 'rule_592'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_593' {
mutate {
update => {
'rule_matched' => 'rule_593'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_594' {
mutate {
update => {
'rule_matched' => 'rule_594'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_595' {
mutate {
update => {
'rule_matched' => 'rule_595'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_596' {
mutate {
update => {
'rule_matched' => 'rule_596'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_597' {
mutate {
update => {
'rule_matched' => 'rule_597'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_598' {
mutate {
update => {
'rule_matched' => 'rule_598'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_599' {
mutate {
update => {
'rule_matched' => 'rule_599'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_600' {
mutate {
update => {
'rule_matched' => 'rule_600'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_601' {
mutate {
update => {
'rule_matched' => 'rule_601'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_602' {
mutate {
update => {
'rule_matched' => 'rule_602'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_603' {
mutate {
update => {
'rule_matched' => 'rule_603'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_604' {
mutate {
update => {
'rule_matched' => 'rule_604'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_605' {
mutate {
update => {
'rule_matched' => 'rule_605'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_606' {
mutate {
update => {
'rule_matched' => 'rule_606'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_607' {
mutate {
update => {
'rule_matched' => 'rule_607'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_608' {
mutate {
update => {
'rule_matched' => 'rule_608'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_609' {
mutate {
update => {
'rule_matched' => 'rule_609'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_610' {
mutate {
update => {
'rule_matched' => 'rule_610'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_611' {
mutate {
update => {
'rule_matched' => 'rule_611'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_612' {
mutate {
update => {
'rule_matched' => 'rule_612'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_613' {
mutate {
update => {
'rule_matched' => 'rule_613'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_614' {
mutate {
update => {
'rule_matched' => 'rule_614'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_615' {
mutate {
update => {
'rule_matched' => 'rule_615'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_616' {
mutate {
update => {
'rule_matched' => 'rule_616'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_617' {
mutate {
update => {
'rule_matched' => 'rule_617'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_618' {
mutate {
update => {
'rule_matched' => 'rule_618'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_619' {
mutate {
update => {
'rule_matched' => 'rule_619'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_620' {
mutate {
update => {
'rule_matched' => 'rule_620'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_621' {
mutate {
update => {
'rule_matched' => 'rule_621'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_622' {
mutate {
update => {
'rule_matched' => 'rule_622'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_623' {
mutate {
update => {
'rule_matched' => 'rule_623'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_624' {
mutate {
update => {
'rule_matched' => 'rule_624'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_625' {
mutate {
update => {
'rule_matched' => 'rule_625'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_626' {
mutate {
update => {
'rule_matched' => 'rule_626'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_627' {
mutate {
update => {
'rule_matched' => 'rule_627'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_628' {
mutate {
update => {
'rule_matched' => 'rule_628'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_629' {
mutate {
update => {
'rule_matched' => 'rule_629'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_630' {
mutate {
update => {
'rule_matched' => 'rule_630'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_631' {
mutate {
update => {
'rule_matched' => 'rule_631'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_632' {
mutate {
update => {
'rule_matched' => 'rule_632'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_633' {
mutate {
update => {
'rule_matched' => 'rule_633'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_634' {
mutate {
update => {
'rule_matched' => 'rule_634'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_635' {
mutate {
update => {
'rule_matched' => 'rule_635'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_636' {
mutate {
update => {
'rule_matched' => 'rule_636'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_637' {
mutate {
update => {
'rule_matched' => 'rule_637'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_638' {
mutate {
update => {
'rule_matched' => 'rule_638'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_639' {
mutate {
update => {
'rule_matched' => 'rule_639'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_640' {
mutate {
update => {
'rule_matched' => 'rule_640'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_641' {
mutate {
update => {
'rule_matched' => 'rule_641'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_642' {
mutate {
update => {
'rule_matched' => 'rule_642'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_643' {
mutate {
update => {
'rule_matched' => 'rule_643'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_644' {
mutate {
update => {
'rule_matched' => 'rule_644'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_645' {
mutate {
update => {
'rule_matched' => 'rule_645'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_646' {
mutate {
update => {
'rule_matched' => 'rule_646'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_647' {
mutate {
update => {
'rule_matched' => 'rule_647'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_648' {
mutate {
update => {
'rule_matched' => 'rule_648'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_649' {
mutate {
update => {
'rule_matched' => 'rule_649'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_650' {
mutate {
update => {
'rule_matched' => 'rule_650'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_651' {
mutate {
update => {
'rule_matched' => 'rule_651'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_652' {
mutate {
update => {
'rule_matched' => 'rule_652'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_653' {
mutate {
update => {
'rule_matched' => 'rule_653'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_654' {
mutate {
update => {
'rule_matched' => 'rule_654'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_655' {
mutate {
update => {
'rule_matched' => 'rule_655'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_656' {
mutate {
update => {
'rule_matched' => 'rule_656'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_657' {
mutate {
update => {
'rule_matched' => 'rule_657'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_658' {
mutate {
update => {
'rule_matched' => 'rule_658'
}
}
}
if [start_time] > '1491177600' and [end_time] < '1501632000' and [device] == 'device_659' {
mutate {
update => {
'rule_matched' => 'rule_659'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_660' {
mutate {
update => {
'rule_matched' => 'rule_660'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_661' {
mutate {
update => {
'rule_matched' => 'rule_661'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_662' {
mutate {
update => {
'rule_matched' => 'rule_662'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_663' {
mutate {
update => {
'rule_matched' => 'rule_663'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_664' {
mutate {
update => {
'rule_matched' => 'rule_664'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_665' {
mutate {
update => {
'rule_matched' => 'rule_665'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_666' {
mutate {
update => {
'rule_matched' => 'rule_666'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_667' {
mutate {
update => {
'rule_matched' => 'rule_667'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_668' {
mutate {
update => {
'rule_matched' => 'rule_668'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_669' {
mutate {
update => {
'rule_matched' => 'rule_669'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_670' {
mutate {
update => {
'rule_matched' => 'rule_670'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_671' {
mutate {
update => {
'rule_matched' => 'rule_671'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_672' {
mutate {
update => {
'rule_matched' => 'rule_672'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_673' {
mutate {
update => {
'rule_matched' => 'rule_673'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_674' {
mutate {
update => {
'rule_matched' => 'rule_674'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_675' {
mutate {
update => {
'rule_matched' => 'rule_675'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_676' {
mutate {
update => {
'rule_matched' => 'rule_676'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_677' {
mutate {
update => {
'rule_matched' => 'rule_677'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_678' {
mutate {
update => {
'rule_matched' => 'rule_678'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_679' {
mutate {
update => {
'rule_matched' => 'rule_679'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_680' {
mutate {
update => {
'rule_matched' => 'rule_680'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_681' {
mutate {
update => {
'rule_matched' => 'rule_681'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_682' {
mutate {
update => {
'rule_matched' => 'rule_682'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_683' {
mutate {
update => {
'rule_matched' => 'rule_683'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_684' {
mutate {
update => {
'rule_matched' => 'rule_684'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_685' {
mutate {
update => {
'rule_matched' => 'rule_685'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_686' {
mutate {
update => {
'rule_matched' => 'rule_686'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_687' {
mutate {
update => {
'rule_matched' => 'rule_687'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_688' {
mutate {
update => {
'rule_matched' => 'rule_688'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_689' {
mutate {
update => {
'rule_matched' => 'rule_689'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_690' {
mutate {
update => {
'rule_matched' => 'rule_690'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_691' {
mutate {
update => {
'rule_matched' => 'rule_691'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_692' {
mutate {
update => {
'rule_matched' => 'rule_692'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_693' {
mutate {
update => {
'rule_matched' => 'rule_693'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_694' {
mutate {
update => {
'rule_matched' => 'rule_694'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_695' {
mutate {
update => {
'rule_matched' => 'rule_695'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_696' {
mutate {
update => {
'rule_matched' => 'rule_696'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_697' {
mutate {
update => {
'rule_matched' => 'rule_697'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_698' {
mutate {
update => {
'rule_matched' => 'rule_698'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_699' {
mutate {
update => {
'rule_matched' => 'rule_699'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_700' {
mutate {
update => {
'rule_matched' => 'rule_700'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_701' {
mutate {
update => {
'rule_matched' => 'rule_701'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_702' {
mutate {
update => {
'rule_matched' => 'rule_702'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_703' {
mutate {
update => {
'rule_matched' => 'rule_703'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_704' {
mutate {
update => {
'rule_matched' => 'rule_704'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_705' {
mutate {
update => {
'rule_matched' => 'rule_705'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_706' {
mutate {
update => {
'rule_matched' => 'rule_706'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_707' {
mutate {
update => {
'rule_matched' => 'rule_707'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_708' {
mutate {
update => {
'rule_matched' => 'rule_708'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_709' {
mutate {
update => {
'rule_matched' => 'rule_709'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_710' {
mutate {
update => {
'rule_matched' => 'rule_710'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_711' {
mutate {
update => {
'rule_matched' => 'rule_711'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_712' {
mutate {
update => {
'rule_matched' => 'rule_712'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_713' {
mutate {
update => {
'rule_matched' => 'rule_713'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_714' {
mutate {
update => {
'rule_matched' => 'rule_714'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_715' {
mutate {
update => {
'rule_matched' => 'rule_715'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_716' {
mutate {
update => {
'rule_matched' => 'rule_716'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_717' {
mutate {
update => {
'rule_matched' => 'rule_717'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_718' {
mutate {
update => {
'rule_matched' => 'rule_718'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_719' {
mutate {
update => {
'rule_matched' => 'rule_719'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_720' {
mutate {
update => {
'rule_matched' => 'rule_720'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_721' {
mutate {
update => {
'rule_matched' => 'rule_721'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_722' {
mutate {
update => {
'rule_matched' => 'rule_722'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_723' {
mutate {
update => {
'rule_matched' => 'rule_723'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_724' {
mutate {
update => {
'rule_matched' => 'rule_724'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_725' {
mutate {
update => {
'rule_matched' => 'rule_725'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_726' {
mutate {
update => {
'rule_matched' => 'rule_726'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_727' {
mutate {
update => {
'rule_matched' => 'rule_727'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_728' {
mutate {
update => {
'rule_matched' => 'rule_728'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_729' {
mutate {
update => {
'rule_matched' => 'rule_729'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_730' {
mutate {
update => {
'rule_matched' => 'rule_730'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_731' {
mutate {
update => {
'rule_matched' => 'rule_731'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_732' {
mutate {
update => {
'rule_matched' => 'rule_732'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_733' {
mutate {
update => {
'rule_matched' => 'rule_733'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_734' {
mutate {
update => {
'rule_matched' => 'rule_734'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_735' {
mutate {
update => {
'rule_matched' => 'rule_735'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_736' {
mutate {
update => {
'rule_matched' => 'rule_736'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_737' {
mutate {
update => {
'rule_matched' => 'rule_737'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_738' {
mutate {
update => {
'rule_matched' => 'rule_738'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_739' {
mutate {
update => {
'rule_matched' => 'rule_739'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_740' {
mutate {
update => {
'rule_matched' => 'rule_740'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_741' {
mutate {
update => {
'rule_matched' => 'rule_741'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_742' {
mutate {
update => {
'rule_matched' => 'rule_742'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_743' {
mutate {
update => {
'rule_matched' => 'rule_743'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_744' {
mutate {
update => {
'rule_matched' => 'rule_744'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_745' {
mutate {
update => {
'rule_matched' => 'rule_745'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_746' {
mutate {
update => {
'rule_matched' => 'rule_746'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_747' {
mutate {
update => {
'rule_matched' => 'rule_747'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_748' {
mutate {
update => {
'rule_matched' => 'rule_748'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_749' {
mutate {
update => {
'rule_matched' => 'rule_749'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_750' {
mutate {
update => {
'rule_matched' => 'rule_750'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_751' {
mutate {
update => {
'rule_matched' => 'rule_751'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_752' {
mutate {
update => {
'rule_matched' => 'rule_752'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_753' {
mutate {
update => {
'rule_matched' => 'rule_753'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_754' {
mutate {
update => {
'rule_matched' => 'rule_754'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_755' {
mutate {
update => {
'rule_matched' => 'rule_755'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_756' {
mutate {
update => {
'rule_matched' => 'rule_756'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_757' {
mutate {
update => {
'rule_matched' => 'rule_757'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_758' {
mutate {
update => {
'rule_matched' => 'rule_758'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_759' {
mutate {
update => {
'rule_matched' => 'rule_759'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_760' {
mutate {
update => {
'rule_matched' => 'rule_760'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_761' {
mutate {
update => {
'rule_matched' => 'rule_761'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_762' {
mutate {
update => {
'rule_matched' => 'rule_762'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_763' {
mutate {
update => {
'rule_matched' => 'rule_763'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_764' {
mutate {
update => {
'rule_matched' => 'rule_764'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_765' {
mutate {
update => {
'rule_matched' => 'rule_765'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_766' {
mutate {
update => {
'rule_matched' => 'rule_766'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_767' {
mutate {
update => {
'rule_matched' => 'rule_767'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_768' {
mutate {
update => {
'rule_matched' => 'rule_768'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_769' {
mutate {
update => {
'rule_matched' => 'rule_769'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_770' {
mutate {
update => {
'rule_matched' => 'rule_770'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_771' {
mutate {
update => {
'rule_matched' => 'rule_771'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_772' {
mutate {
update => {
'rule_matched' => 'rule_772'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_773' {
mutate {
update => {
'rule_matched' => 'rule_773'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_774' {
mutate {
update => {
'rule_matched' => 'rule_774'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_775' {
mutate {
update => {
'rule_matched' => 'rule_775'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_776' {
mutate {
update => {
'rule_matched' => 'rule_776'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_777' {
mutate {
update => {
'rule_matched' => 'rule_777'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_778' {
mutate {
update => {
'rule_matched' => 'rule_778'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_779' {
mutate {
update => {
'rule_matched' => 'rule_779'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_780' {
mutate {
update => {
'rule_matched' => 'rule_780'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_781' {
mutate {
update => {
'rule_matched' => 'rule_781'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_782' {
mutate {
update => {
'rule_matched' => 'rule_782'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_783' {
mutate {
update => {
'rule_matched' => 'rule_783'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_784' {
mutate {
update => {
'rule_matched' => 'rule_784'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_785' {
mutate {
update => {
'rule_matched' => 'rule_785'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_786' {
mutate {
update => {
'rule_matched' => 'rule_786'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_787' {
mutate {
update => {
'rule_matched' => 'rule_787'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_788' {
mutate {
update => {
'rule_matched' => 'rule_788'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_789' {
mutate {
update => {
'rule_matched' => 'rule_789'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_790' {
mutate {
update => {
'rule_matched' => 'rule_790'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_791' {
mutate {
update => {
'rule_matched' => 'rule_791'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_792' {
mutate {
update => {
'rule_matched' => 'rule_792'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_793' {
mutate {
update => {
'rule_matched' => 'rule_793'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_794' {
mutate {
update => {
'rule_matched' => 'rule_794'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_795' {
mutate {
update => {
'rule_matched' => 'rule_795'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_796' {
mutate {
update => {
'rule_matched' => 'rule_796'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_797' {
mutate {
update => {
'rule_matched' => 'rule_797'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_798' {
mutate {
update => {
'rule_matched' => 'rule_798'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_799' {
mutate {
update => {
'rule_matched' => 'rule_799'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_800' {
mutate {
update => {
'rule_matched' => 'rule_800'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_801' {
mutate {
update => {
'rule_matched' => 'rule_801'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_802' {
mutate {
update => {
'rule_matched' => 'rule_802'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_803' {
mutate {
update => {
'rule_matched' => 'rule_803'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_804' {
mutate {
update => {
'rule_matched' => 'rule_804'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_805' {
mutate {
update => {
'rule_matched' => 'rule_805'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_806' {
mutate {
update => {
'rule_matched' => 'rule_806'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_807' {
mutate {
update => {
'rule_matched' => 'rule_807'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_808' {
mutate {
update => {
'rule_matched' => 'rule_808'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_809' {
mutate {
update => {
'rule_matched' => 'rule_809'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_810' {
mutate {
update => {
'rule_matched' => 'rule_810'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_811' {
mutate {
update => {
'rule_matched' => 'rule_811'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_812' {
mutate {
update => {
'rule_matched' => 'rule_812'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_813' {
mutate {
update => {
'rule_matched' => 'rule_813'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_814' {
mutate {
update => {
'rule_matched' => 'rule_814'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_815' {
mutate {
update => {
'rule_matched' => 'rule_815'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_816' {
mutate {
update => {
'rule_matched' => 'rule_816'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_817' {
mutate {
update => {
'rule_matched' => 'rule_817'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_818' {
mutate {
update => {
'rule_matched' => 'rule_818'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_819' {
mutate {
update => {
'rule_matched' => 'rule_819'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_820' {
mutate {
update => {
'rule_matched' => 'rule_820'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_821' {
mutate {
update => {
'rule_matched' => 'rule_821'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_822' {
mutate {
update => {
'rule_matched' => 'rule_822'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_823' {
mutate {
update => {
'rule_matched' => 'rule_823'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_824' {
mutate {
update => {
'rule_matched' => 'rule_824'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_825' {
mutate {
update => {
'rule_matched' => 'rule_825'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_826' {
mutate {
update => {
'rule_matched' => 'rule_826'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_827' {
mutate {
update => {
'rule_matched' => 'rule_827'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_828' {
mutate {
update => {
'rule_matched' => 'rule_828'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_829' {
mutate {
update => {
'rule_matched' => 'rule_829'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_830' {
mutate {
update => {
'rule_matched' => 'rule_830'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_831' {
mutate {
update => {
'rule_matched' => 'rule_831'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_832' {
mutate {
update => {
'rule_matched' => 'rule_832'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_833' {
mutate {
update => {
'rule_matched' => 'rule_833'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_834' {
mutate {
update => {
'rule_matched' => 'rule_834'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_835' {
mutate {
update => {
'rule_matched' => 'rule_835'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_836' {
mutate {
update => {
'rule_matched' => 'rule_836'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_837' {
mutate {
update => {
'rule_matched' => 'rule_837'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_838' {
mutate {
update => {
'rule_matched' => 'rule_838'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_839' {
mutate {
update => {
'rule_matched' => 'rule_839'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_840' {
mutate {
update => {
'rule_matched' => 'rule_840'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_841' {
mutate {
update => {
'rule_matched' => 'rule_841'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_842' {
mutate {
update => {
'rule_matched' => 'rule_842'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_843' {
mutate {
update => {
'rule_matched' => 'rule_843'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_844' {
mutate {
update => {
'rule_matched' => 'rule_844'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_845' {
mutate {
update => {
'rule_matched' => 'rule_845'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_846' {
mutate {
update => {
'rule_matched' => 'rule_846'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_847' {
mutate {
update => {
'rule_matched' => 'rule_847'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_848' {
mutate {
update => {
'rule_matched' => 'rule_848'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_849' {
mutate {
update => {
'rule_matched' => 'rule_849'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_850' {
mutate {
update => {
'rule_matched' => 'rule_850'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_851' {
mutate {
update => {
'rule_matched' => 'rule_851'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_852' {
mutate {
update => {
'rule_matched' => 'rule_852'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_853' {
mutate {
update => {
'rule_matched' => 'rule_853'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_854' {
mutate {
update => {
'rule_matched' => 'rule_854'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_855' {
mutate {
update => {
'rule_matched' => 'rule_855'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_856' {
mutate {
update => {
'rule_matched' => 'rule_856'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_857' {
mutate {
update => {
'rule_matched' => 'rule_857'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_858' {
mutate {
update => {
'rule_matched' => 'rule_858'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_859' {
mutate {
update => {
'rule_matched' => 'rule_859'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_860' {
mutate {
update => {
'rule_matched' => 'rule_860'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_861' {
mutate {
update => {
'rule_matched' => 'rule_861'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_862' {
mutate {
update => {
'rule_matched' => 'rule_862'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_863' {
mutate {
update => {
'rule_matched' => 'rule_863'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_864' {
mutate {
update => {
'rule_matched' => 'rule_864'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_865' {
mutate {
update => {
'rule_matched' => 'rule_865'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_866' {
mutate {
update => {
'rule_matched' => 'rule_866'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_867' {
mutate {
update => {
'rule_matched' => 'rule_867'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_868' {
mutate {
update => {
'rule_matched' => 'rule_868'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_869' {
mutate {
update => {
'rule_matched' => 'rule_869'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_870' {
mutate {
update => {
'rule_matched' => 'rule_870'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_871' {
mutate {
update => {
'rule_matched' => 'rule_871'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_872' {
mutate {
update => {
'rule_matched' => 'rule_872'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_873' {
mutate {
update => {
'rule_matched' => 'rule_873'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_874' {
mutate {
update => {
'rule_matched' => 'rule_874'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_875' {
mutate {
update => {
'rule_matched' => 'rule_875'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_876' {
mutate {
update => {
'rule_matched' => 'rule_876'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_877' {
mutate {
update => {
'rule_matched' => 'rule_877'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_878' {
mutate {
update => {
'rule_matched' => 'rule_878'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_879' {
mutate {
update => {
'rule_matched' => 'rule_879'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_880' {
mutate {
update => {
'rule_matched' => 'rule_880'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_881' {
mutate {
update => {
'rule_matched' => 'rule_881'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_882' {
mutate {
update => {
'rule_matched' => 'rule_882'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_883' {
mutate {
update => {
'rule_matched' => 'rule_883'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_884' {
mutate {
update => {
'rule_matched' => 'rule_884'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_885' {
mutate {
update => {
'rule_matched' => 'rule_885'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_886' {
mutate {
update => {
'rule_matched' => 'rule_886'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_887' {
mutate {
update => {
'rule_matched' => 'rule_887'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_888' {
mutate {
update => {
'rule_matched' => 'rule_888'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_889' {
mutate {
update => {
'rule_matched' => 'rule_889'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_890' {
mutate {
update => {
'rule_matched' => 'rule_890'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_891' {
mutate {
update => {
'rule_matched' => 'rule_891'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_892' {
mutate {
update => {
'rule_matched' => 'rule_892'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_893' {
mutate {
update => {
'rule_matched' => 'rule_893'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_894' {
mutate {
update => {
'rule_matched' => 'rule_894'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_895' {
mutate {
update => {
'rule_matched' => 'rule_895'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_896' {
mutate {
update => {
'rule_matched' => 'rule_896'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_897' {
mutate {
update => {
'rule_matched' => 'rule_897'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_898' {
mutate {
update => {
'rule_matched' => 'rule_898'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_899' {
mutate {
update => {
'rule_matched' => 'rule_899'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_900' {
mutate {
update => {
'rule_matched' => 'rule_900'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_901' {
mutate {
update => {
'rule_matched' => 'rule_901'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_902' {
mutate {
update => {
'rule_matched' => 'rule_902'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_903' {
mutate {
update => {
'rule_matched' => 'rule_903'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_904' {
mutate {
update => {
'rule_matched' => 'rule_904'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_905' {
mutate {
update => {
'rule_matched' => 'rule_905'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_906' {
mutate {
update => {
'rule_matched' => 'rule_906'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_907' {
mutate {
update => {
'rule_matched' => 'rule_907'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_908' {
mutate {
update => {
'rule_matched' => 'rule_908'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_909' {
mutate {
update => {
'rule_matched' => 'rule_909'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_910' {
mutate {
update => {
'rule_matched' => 'rule_910'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_911' {
mutate {
update => {
'rule_matched' => 'rule_911'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_912' {
mutate {
update => {
'rule_matched' => 'rule_912'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_913' {
mutate {
update => {
'rule_matched' => 'rule_913'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_914' {
mutate {
update => {
'rule_matched' => 'rule_914'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_915' {
mutate {
update => {
'rule_matched' => 'rule_915'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_916' {
mutate {
update => {
'rule_matched' => 'rule_916'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_917' {
mutate {
update => {
'rule_matched' => 'rule_917'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_918' {
mutate {
update => {
'rule_matched' => 'rule_918'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_919' {
mutate {
update => {
'rule_matched' => 'rule_919'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_920' {
mutate {
update => {
'rule_matched' => 'rule_920'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_921' {
mutate {
update => {
'rule_matched' => 'rule_921'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_922' {
mutate {
update => {
'rule_matched' => 'rule_922'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_923' {
mutate {
update => {
'rule_matched' => 'rule_923'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_924' {
mutate {
update => {
'rule_matched' => 'rule_924'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_925' {
mutate {
update => {
'rule_matched' => 'rule_925'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_926' {
mutate {
update => {
'rule_matched' => 'rule_926'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_927' {
mutate {
update => {
'rule_matched' => 'rule_927'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_928' {
mutate {
update => {
'rule_matched' => 'rule_928'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_929' {
mutate {
update => {
'rule_matched' => 'rule_929'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_930' {
mutate {
update => {
'rule_matched' => 'rule_930'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_931' {
mutate {
update => {
'rule_matched' => 'rule_931'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_932' {
mutate {
update => {
'rule_matched' => 'rule_932'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_933' {
mutate {
update => {
'rule_matched' => 'rule_933'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_934' {
mutate {
update => {
'rule_matched' => 'rule_934'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_935' {
mutate {
update => {
'rule_matched' => 'rule_935'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_936' {
mutate {
update => {
'rule_matched' => 'rule_936'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_937' {
mutate {
update => {
'rule_matched' => 'rule_937'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_938' {
mutate {
update => {
'rule_matched' => 'rule_938'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_939' {
mutate {
update => {
'rule_matched' => 'rule_939'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_940' {
mutate {
update => {
'rule_matched' => 'rule_940'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_941' {
mutate {
update => {
'rule_matched' => 'rule_941'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_942' {
mutate {
update => {
'rule_matched' => 'rule_942'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_943' {
mutate {
update => {
'rule_matched' => 'rule_943'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_944' {
mutate {
update => {
'rule_matched' => 'rule_944'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_945' {
mutate {
update => {
'rule_matched' => 'rule_945'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_946' {
mutate {
update => {
'rule_matched' => 'rule_946'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_947' {
mutate {
update => {
'rule_matched' => 'rule_947'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_948' {
mutate {
update => {
'rule_matched' => 'rule_948'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_949' {
mutate {
update => {
'rule_matched' => 'rule_949'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_950' {
mutate {
update => {
'rule_matched' => 'rule_950'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_951' {
mutate {
update => {
'rule_matched' => 'rule_951'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_952' {
mutate {
update => {
'rule_matched' => 'rule_952'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_953' {
mutate {
update => {
'rule_matched' => 'rule_953'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_954' {
mutate {
update => {
'rule_matched' => 'rule_954'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_955' {
mutate {
update => {
'rule_matched' => 'rule_955'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_956' {
mutate {
update => {
'rule_matched' => 'rule_956'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_957' {
mutate {
update => {
'rule_matched' => 'rule_957'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_958' {
mutate {
update => {
'rule_matched' => 'rule_958'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_959' {
mutate {
update => {
'rule_matched' => 'rule_959'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_960' {
mutate {
update => {
'rule_matched' => 'rule_960'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_961' {
mutate {
update => {
'rule_matched' => 'rule_961'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_962' {
mutate {
update => {
'rule_matched' => 'rule_962'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_963' {
mutate {
update => {
'rule_matched' => 'rule_963'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_964' {
mutate {
update => {
'rule_matched' => 'rule_964'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_965' {
mutate {
update => {
'rule_matched' => 'rule_965'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_966' {
mutate {
update => {
'rule_matched' => 'rule_966'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_967' {
mutate {
update => {
'rule_matched' => 'rule_967'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_968' {
mutate {
update => {
'rule_matched' => 'rule_968'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_969' {
mutate {
update => {
'rule_matched' => 'rule_969'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_970' {
mutate {
update => {
'rule_matched' => 'rule_970'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_971' {
mutate {
update => {
'rule_matched' => 'rule_971'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_972' {
mutate {
update => {
'rule_matched' => 'rule_972'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_973' {
mutate {
update => {
'rule_matched' => 'rule_973'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_974' {
mutate {
update => {
'rule_matched' => 'rule_974'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_975' {
mutate {
update => {
'rule_matched' => 'rule_975'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_976' {
mutate {
update => {
'rule_matched' => 'rule_976'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_977' {
mutate {
update => {
'rule_matched' => 'rule_977'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_978' {
mutate {
update => {
'rule_matched' => 'rule_978'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_979' {
mutate {
update => {
'rule_matched' => 'rule_979'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_980' {
mutate {
update => {
'rule_matched' => 'rule_980'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_981' {
mutate {
update => {
'rule_matched' => 'rule_981'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_982' {
mutate {
update => {
'rule_matched' => 'rule_982'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_983' {
mutate {
update => {
'rule_matched' => 'rule_983'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_984' {
mutate {
update => {
'rule_matched' => 'rule_984'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_985' {
mutate {
update => {
'rule_matched' => 'rule_985'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_986' {
mutate {
update => {
'rule_matched' => 'rule_986'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_987' {
mutate {
update => {
'rule_matched' => 'rule_987'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_988' {
mutate {
update => {
'rule_matched' => 'rule_988'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_989' {
mutate {
update => {
'rule_matched' => 'rule_989'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_990' {
mutate {
update => {
'rule_matched' => 'rule_990'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_991' {
mutate {
update => {
'rule_matched' => 'rule_991'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_992' {
mutate {
update => {
'rule_matched' => 'rule_992'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_993' {
mutate {
update => {
'rule_matched' => 'rule_993'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_994' {
mutate {
update => {
'rule_matched' => 'rule_994'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_995' {
mutate {
update => {
'rule_matched' => 'rule_995'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_996' {
mutate {
update => {
'rule_matched' => 'rule_996'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_997' {
mutate {
update => {
'rule_matched' => 'rule_997'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_998' {
mutate {
update => {
'rule_matched' => 'rule_998'
}
}
}
if [duration] > 700 and [network] == 'network_a' and [device] == 'device_999' {
mutate {
update => {
'rule_matched' => 'rule_999'
}
}
}
}
output {
file {
path => "/tmp/test.log"
codec => line { format => "custom format: %{device}, %{creation_time}, %{time_taken} seconds, %{rule_matched}" }
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment