Create Custom geoip database for Logstash 5.2

Grenouille06 · March 28, 2017, 7:03am

Hi Christian. I tried something simple. I ues 2 yaml files : latitude.yml and longitude.yml

latitude.yml
10.22.33.: "43.701535"
10.13.33.: "43.718560"
10.23.33.: "43.718560"
10.12.96.: "43.678237"

longitude.yaml
10.22.33.: "7.281819"
10.13.33.: "7.265417"
10.23.33.: "7.265417"
10.12.96.: "7.228675"

and my filter conf :

filter {
 if "[event_data][IpAddress]" =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/ {
  translate {
    dictionary_path  => "/etc/logstash/mutate/nca-latitude.yml"
    field => "[event_data][IpAddress]" 
    destination => "[geoip][latitude]"
    override => true
    }
  translate {
    dictionary_path  => "/etc/logstash/mutate/nca-longitude.yml"
    field => "[event_data][IpAddress]" 
    destination => "[geoip.longitude]"
    }
  mutate {
    convert => { "[geoip][longitude]" => "float" }
    convert => { "[geoip][latitude]" => "float" }
  }
 }
}

I want to match the IP in my field "[event_data][IpAddress]" with one of my yaml file and add
"[geoip][longitude]" and "[geoip][latitude]"

I don't knom if the star at the end of each ip is the right thing to do (* should be 0 to 255).

Thanks for help and advices

Topic		Replies	Views
Geoip.ip and private ip file Logstash	4	3337	February 23, 2017
Private networks with GeoIP Logstash	3	2224	July 30, 2018
Logstash Geoip Filter with a Custom Database Logstash	1	809	September 27, 2018
Private ip geoip from dictionary Logstash	8	4260	January 1, 2019
Help - Custom GeoIP Target / Updating Template/Index Kibana	10	620	December 22, 2020

Create Custom geoip database for Logstash 5.2

Related Topics