Hi All
I have GeoLite2-City.mmdb and logstash ver 5.4.0. I am trying to use the db but nothing is working out.
Can anyone please explain the steps needed to do the loading of IP address in Logstash and transformed it into longitude and latitude in ES index
How to do this ??? Please explain that would be great help
Thanks
https://www.elastic.co/blog/geoip-in-the-elastic-stack should help you out.
If you follow that and still have issues, please provide as much detail as you can 
Thank you for such a quick reply 
. Let me work it out. Will let you know if case of any query 
This link is not working 
@warkolm
Works fine for me?
Thank You so much
Can you tell where to give Template via Logstash file?
I want to apply mapping on a particular index. How to apply that??? because by default when data is inserted through Logstash, geoip.location is set a float but its type should be geo_point.
If you are using the default Logstash configuration then it will be mapped to a geopoint.
If it's not doing that, then providing your config would be a useful starting point to troubleshooting.
This is my configuration file...
By this I am getting float type of geoip.location. How can I give mapping in this file ?
input {
stdin {}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
geoip {
source => "clientip"
}
}
output {
stdout { codec => dots }
elasticsearch {
hosts => ["ipAddress:port"]
index => "my_index"
document_type => "my_type"
}
}
That's why, the default template won't match that index pattern.
Have a look at the Custom Index Names section of this GeoIP in the Elastic Stack - Elasticsearch, Logstash, Ingest API | Elastic Blog
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.