input {
beats {
port => 7467
}
}

filter {
geoip {
source => "dest.ip"
target => "dest.ip_location"

database => "/opt/geoip/GeoLite2-City.mmdb" (ive tried with this and with the default that comes with logstash.

    add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
    add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
  }

mutate {
convert => [ "[geoip][coordinates]", "float"]
}

}

This is all on 5.0 ELK

What's not working exactly? You've provided very little helpful information.

source => "dest.ip"
target => "dest.ip_location"

Use [dest][ip] etc if you want to denoted nested fields.

That worked. Thanks!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.