My sample log contents
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2020-10-22T23:59:53.533Z,SIG-EXCH13-01\Default Frontend SIG-EXCH13-01,08D8724E3CB78EDF,0,127.0.0.1:25,127.0.0.1:10742,+,,
2020-10-22T23:59:53.533Z,SIG-EXCH13-01\Default Frontend SIG-EXCH13-01,08D8724E3CB78EDF,1,127.0.0.1:25,127.0.0.1:10742,*,SMTPAcceptAnyRecipient,Set Session Permissions
2020-10-22T23:59:53.533Z,SIG-EXCH13-01\Default Frontend SIG-EXCH13-01,08D8724E3CB78EDF,2,127.0.0.1:25,127.0.0.1:10742,>,"220 SIG-EXCH13-01.sinpf.org.sb Microsoft ESMTP MAIL Service
My logstash pipeline
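# Pipeline for Exchange SMTP receive-protocol logs shipped by Beats.
# Layout: input, filter and output must be three separate top-level sections.
# The posted version opened "filter" before closing "input", which is not a
# valid pipeline layout.

input {
  # No TLS or client authentication is configured on this listener, so any host
  # that can reach port 5044 can submit events. Restrict network access to the
  # port or enable the plugin's TLS settings if it is exposed beyond trusted
  # shippers.
  beats {
    port => 5044
  }
}

filter {
  # Lines starting with "#" (such as the "#Fields:" header) are log metadata,
  # not events. Drop them so they are not parsed into bogus columns.
  if [message] =~ /^#/ {
    drop { }
  }

  # Replace every ":" with "," so the timestamp and the "ip:port" endpoints
  # split into separate CSV columns (date / hour / minutes, local-ip /
  # local-port, remote-ip / remote-port).
  # Caveat: this rewrites colons everywhere in the line, including inside the
  # "data" and "context" text, and it will mis-split IPv6 endpoints.
  mutate {
    gsub => [ "message", ":", "," ]
  }

  csv {
    separator => ","
    columns => ["date", "hour", "minutes", "connector-id", "session-id", "sequence-number", "local-ip", "local-port", "remote-ip", "remote-port", "event", "data", "context"]
  }

  # geoip can only enrich public, routable addresses. Loopback (127.0.0.1, as
  # in the sample lines) and private-range addresses are not in the GeoIP
  # database, so those events get the _geoip_lookup_failure tag instead of
  # geo fields. Test with a log line that has an external remote endpoint.
  geoip {
    source => "remote-ip"
  }
}

output {
  # Plain HTTP without credentials: acceptable only while Elasticsearch is
  # bound to localhost on the same host as Logstash.
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}"
  }
}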
My geoip filter is not working as expected, please help.