[ANNOUNCEMENT] Logstash ipcat filter

athoune · January 25, 2016, 9:33am

ipcat is a project for classifying IP : "Datacenter or not", and which provider.

Here is the optimized filter for logstash :

warkolm · January 25, 2016, 10:10am

Interesting, can you provide a config example?

athoune · January 25, 2016, 2:32pm

Same usage as geoip.

You can use something like that :

input {
    # get some apache log
}

filter {

    ipcat {
       source => "clientip"
       #default target is "ipcat"
    }

}

output {
    if [ipcat] {
        file {
            path => "/var/log/logstash/ipcat.log"
        }
    }
}

Topic		Replies	Views
How to filter out internal IPs and localhost.localdomain for geoip? Logstash	10	5192	May 31, 2017
Filtering multiple logs Logstash	5	1779	January 9, 2017
Geoip - Apache logs Logstash	6	955	May 2, 2021
GeoIP Filter in ECS-Compatiblity mode requires a `target` when `source` is not an `ip` sub-field, eg. [client][ip] Logstash	4	207	February 6, 2024
Logstash filter user_agent or geoip very slow Logstash	5	1300	July 6, 2017

[ANNOUNCEMENT] Logstash ipcat filter

Related topics