Do I have to configure Logstash (to use GeoIP) if I am using a VM?

Continuing the discussion from How does geoIP for private IPaddresses work?:

  • The idea #1 of correlating IPs is difficult to implement because the public ones change dynamically.

  • The idea #2:
    I need the range of IPs: 10.x.x.x and latitude and longitude (I am going to use the ones of this example: Creating geoip data for internal networks).

MACHINE
I have Kibana 6.8.2 installed in a virtual machine. I have some "static" logs. I call them static because this is a machine for running tests and the logs were inserted for that use. This machine does not receive real-time data.

LOGS
From January 1 2019 to May 31 2019.
Logs of a corporate social network: humhub
In the field "host", there are the private IP addresses which I want to be able to see in a Map (GeoIP).

I have followed this tutorial: How To Map User Location with GeoIP and ELK (Elasticsearch, Logstash, and Kibana)

I do not have the "11-nginx-filter.conf" file. Probably because I am using a VM.
Do I need to configure Logstash if I am using a VM?

filter {
  if [type] == "nginx-access" {
    grok {
      match => { "message" => "%{NGINXACCESS}" }
    }
    geoip {
      source => "clientip"
    }
  }
}
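
For idea #2 in the post above, a sketch of a Logstash filter that assigns fixed coordinates to addresses in the 10.x.x.x range, since the GeoIP database has no entries for private ranges. This is an added example, not part of the original post or the linked tutorial. It assumes the logstash-filter-cidr plugin is installed, that the private address is in the "host" field as the post describes, that the index maps geoip.location as a geo_point, and the coordinates are constructed placeholders to replace with the site's real ones.

```logstash
filter {
  # Match events whose "host" field is an address inside 10.0.0.0/8.
  # The add_field block is applied only when the address matches.
  cidr {
    address => [ "%{host}" ]
    network => [ "10.0.0.0/8" ]
    add_field => {
      # Placeholder coordinates (constructed for this example).
      "[geoip][location][lat]" => "0.0"
      "[geoip][location][lon]" => "0.0"
    }
  }

  # add_field writes strings; convert them to numbers so the
  # geo_point mapping receives a valid lat/lon pair.
  if [geoip][location][lat] {
    mutate {
      convert => {
        "[geoip][location][lat]" => "float"
        "[geoip][location][lon]" => "float"
      }
    }
  }
}
```

Several sites can be distinguished by repeating the cidr block with a narrower network (for example one /16 per office) and different coordinates.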
