GeoIp is not working with packetbeat

kmroz · December 8, 2016, 4:09pm

input {
beats {
port => 7467
}
}

filter {
geoip {
source => "dest.ip"
target => "dest.ip_location"

database => "/opt/geoip/GeoLite2-City.mmdb" (ive tried with this and with the default that comes with logstash.

    add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
    add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
  }

mutate {
convert => [ "[geoip][coordinates]", "float"]
}

}

This is all on 5.0 ELK

warkolm · December 12, 2016, 3:58am

What's not working exactly? You've provided very little helpful information.

magnusbaeck · December 13, 2016, 5:32pm

source => "dest.ip"
target => "dest.ip_location"

Use [dest][ip] etc if you want to denoted nested fields.

kmroz · December 14, 2016, 7:56pm

That worked. Thanks!

system · January 11, 2017, 7:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash GeoIp in Packetbeat pattern Logstash	13	1069	February 19, 2019
Geoip NOT WORKING HELP Beats filebeat	4	1622	September 6, 2018
Getting geoip to work in ELK 5 Logstash	2	855	July 24, 2017
GEOIP Enable Logstash	25	3985	March 9, 2017
Geo_point not working Beats packetbeat	4	1454	July 18, 2016