GeoIP Field Selection

wwalker · August 24, 2018, 7:58pm

Trying to figure out the syntax of the Geoip filter field option. It says it accepts an array but I don't understand how you format a group of unrelated strings inside of an array....at least going by the example linked to in the documentation.

I've tried {"field1", "field2"} and {field1,field2} but I keep getting an error in the logs saying it expects either a # or => after the first option. Below is the error and my config, line 29 is the fields line:

Failed to execute action {:id=>:CloudFlare, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Expected one of #, => at line 29, column 25

  geoip {
    source => "ClientIP"
    fields => {city_name,country_code2,country_name,latitude,longitude,timezone}
  }
}

magnusbaeck · August 27, 2018, 6:15am

An array looks like this: ["item1", "item", ..., "itemN"]

wwalker · August 27, 2018, 3:26pm

bah....I was misreading the array example in documentation.

system · September 24, 2018, 3:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GeoIP location has added brackets and not able to visualize Logstash	11	2965	July 6, 2017
[Solved] Logstash geoip vs. ES 2.x "no dot in fields" Logstash	3	802	July 6, 2017
Template mapping examples not clear for geoip Logstash	6	520	February 25, 2019
GeoIP filter does not work with a subfield Logstash	3	364	July 7, 2022
Logstash 2.1.0 Geoip Filter Logstash	2	612	July 6, 2017

GeoIP Field Selection

Related topics