you can enrich geoip with elasticsearch ingest nodes.
but if you have to use logstash, can you show example output using logstash stdout ? i suspect you will have two host fields, one object (from filebeat) and one text (from logstash)
you can enrich geoip with elasticsearch ingest nodes.
but if you have to use logstash, can you show example output using logstash stdout ? i suspect you will have two host fields, one object (from filebeat) and one text (from logstash)
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.