Elastic doesn't index after geo changes


(xt) #1

Hi there,

I am experiencing the same problem as here (Could not able to use geo_ip in logstash 2.4); however, my issue wasn't resolved.

I have the following configuration file

Logstash:

    filter {
      grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
      }
      geoip {
        source => "clientip"
        target => "geoip"
        database => "/etc/logstash/GeoLiteCity.dat"
        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
      }

      mutate {
        convert => [ "[geoip][coordinates]", "float" ]
      }
    }

    output {
      elasticsearch {
        hosts => "10.0.0.15:9200"
        manage_template => true
        index => "filebeat-%{+YYYY.MM.dd}"
        document_type => "apache"
      }
    }

The previous config file was working until I made the following changes:

      target => "geoip"
      database => "/etc/logstash/GeoLiteCity.dat"
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
    }
    mutate {
      convert => [ "[geoip][coordinates]", "float" ]

I have checked all the other interactions (filebeat -> redis -> logstash) and everything is fine. I also tcpdumped logstash <-> elasticsearch and I can see them communicating; however, the index is not created.

    curl 'http://10.0.0.15:9200/_cat/indices?v'
    health status index         uuid                   pri rep docs.count docs.deleted store.size pri.store.size
    yellow open   messagebroker e3gRxR39QiuRQkGe0wFurA 5   1   0          0            800b       800b
    yellow open   flex2gateway  2TplJRbARjqu2PVeDJuQhA 5   1   0          0            800b       800b
    yellow open   blazeds       uQhG_F-3RzmSU3_wQu9sVw 5   1   0          0            800b       800b
    yellow open   lcds          EkSLDBoPRWitoXJX-vb5Kw 5   1   0          0            800b       800b
    yellow open   .kibana       Qn07_MIrQLmgYhT0usy_2Q 1   1   15         4            50.6kb     50.6kb
    yellow open   phppath       g5tXTMkCT1mcdh54CklTug 5   1   0          0            800b       800b
    yellow open   webui         82LKbALdRViLO8EFQK0wHA 5   1   0          0            800b       800b
    yellow open   samples       l1JkFfWMTt6GMNFCMFk8rw 5   1   0          0            800b       800b
    yellow open   lcds-samples  iEe3RmWdSaysdUQVBJbC3Q 5

I am using Logstash 5.0.1.

Any help please?
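
The check the post does by eye, automated, as an added example that is not part of the original post: it parses `_cat/indices?v` output and reports whether any index matches the output's `index` setting. The function names are hypothetical, the sample rows are copied from the output above, and only the `YYYY`, `MM` and `dd` date tokens are handled.

```python
import re

# Sample rows copied from the `_cat/indices?v` output in the post,
# including its cut-off last row.
SAMPLE = """\
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open messagebroker e3gRxR39QiuRQkGe0wFurA 5 1 0 0 800b 800b
yellow open .kibana Qn07_MIrQLmgYhT0usy_2Q 1 1 15 4 50.6kb 50.6kb
yellow open lcds-samples iEe3RmWdSaysdUQVBJbC3Q 5
"""

# Date tokens accepted inside %{+...} (assumption: only these three are needed).
TOKENS = {"YYYY": r"\d{4}", "MM": r"\d{2}", "dd": r"\d{2}"}


def index_regex(setting):
    """Turn e.g. 'filebeat-%{+YYYY.MM.dd}' into a regex for concrete index names."""
    out = []
    for part in re.split(r"(%\{\+[^}]*\})", setting):
        if part.startswith("%{+"):
            fmt = re.escape(part[3:-1])          # literal dots stay literal
            for token, pattern in TOKENS.items():
                fmt = fmt.replace(token, pattern)
            out.append(fmt)
        else:
            out.append(re.escape(part))
    return re.compile("".join(out))


def parse_cat_indices(text):
    """Parse `_cat/indices?v` text; columns missing from a cut-off row become None."""
    lines = [line.split() for line in text.splitlines() if line.strip()]
    if not lines:
        return []
    header, rows = lines[0], lines[1:]
    return [dict(zip(header, r + [None] * (len(header) - len(r)))) for r in rows]


def check_index(text, setting):
    """Return ('missing', 0), ('empty', 0) or ('ok', total_docs) for the setting."""
    rx = index_regex(setting)
    hits = [r for r in parse_cat_indices(text)
            if r.get("index") and rx.fullmatch(r["index"])]
    if not hits:
        return ("missing", 0)
    counts = [r.get("docs.count") for r in hits]
    docs = sum(int(c) for c in counts if c and c.isdigit())
    return ("ok", docs) if docs else ("empty", 0)


if __name__ == "__main__":
    print(check_index(SAMPLE, "filebeat-%{+YYYY.MM.dd}"))
```

A `missing` result means no index was created at all, while `empty` means the index exists but no documents were accepted into it.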


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.