Create Custom geoip database for Logstash 5.2

Grenouille06 · March 29, 2017, 1:51pm

Last thing please : I find a mistake with my IP

If in my yaml file I have those 2 ip :

'10.12.4.*': '{"geoip": {"latitude": 43.667805, "longitude": 7.213004, "location": [7.213004, 43.667805]}}'
'10.12.49.*': '{"geoip": {"latitude": 43.698512, "longitude": 7.278436,  "location": [7.278436, 43.698512]}}'

When I ask for example '10.12.49.18' (my second line) logstash add the values of my first line.

I tried to use a regex but nothing happens

input { stdin {} }

filter{
  if [message] =~ /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])*$/ {
	translate {
	    exact => true
	    regex => true
	    dictionary_path => "/etc/logstash/mutate/nca-geo.yml"
	    field => "message"
	}

	json {
	    source => "translation"
	}
  } 
}

output { stdout { codec => rubydebug} }

Thank you

Topic		Replies	Views
Geoip.ip and private ip file Logstash	4	3337	February 23, 2017
Private networks with GeoIP Logstash	3	2224	July 30, 2018
Logstash Geoip Filter with a Custom Database Logstash	1	809	September 27, 2018
Private ip geoip from dictionary Logstash	8	4260	January 1, 2019
Help - Custom GeoIP Target / Updating Template/Index Kibana	10	620	December 22, 2020

Create Custom geoip database for Logstash 5.2

Related Topics