Last thing please : I find a mistake with my IP
If in my yaml file I have those 2 ip :
'10.12.4.*': '{"geoip": {"latitude": 43.667805, "longitude": 7.213004, "location": [7.213004, 43.667805]}}'
'10.12.49.*': '{"geoip": {"latitude": 43.698512, "longitude": 7.278436, "location": [7.278436, 43.698512]}}'
When I ask for example '10.12.49.18' (my second line) logstash add the values of my first line.
I tried to use a regex but nothing happens
input { stdin {} }
filter{
if [message] =~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])*$/ {
translate {
exact => true
regex => true
dictionary_path => "/etc/logstash/mutate/nca-geo.yml"
field => "message"
}
json {
source => "translation"
}
}
}
output { stdout { codec => rubydebug} }
Thank you