Trying to figure out the syntax of the Geoip filter field option. It says it accepts an array but I don't understand how you format a group of unrelated strings inside of an array....at least going by the example linked to in the documentation.
I've tried {"field1", "field2"} and {field1,field2} but I keep getting an error in the logs saying it expects either a # or => after the first option. Below is the error and my config, line 29 is the fields line:
Failed to execute action {:id=>:CloudFlare, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Expected one of #, => at line 29, column 25
geoip {
source => "ClientIP"
fields => {city_name,country_code2,country_name,latitude,longitude,timezone}
}
}