Geoip lookup failure while parsing http json data

ankitdevnalkar · December 18, 2020, 4:03pm

I am trying to perform Geoip filter while parsing json logs data from clouflare API but it says _geoip_lookup_failure

here is my conf file configurations

    input {
      http_poller {
        urls => {
          test2 => {
            method => get
            url => "https://api.cloudflare.com/client/v4/user/audit_logs"
            headers => {
                "X-Auth-Email" => "my@email.com"
                "X-Auth-Key" => "API_key"
                "Content-Type" => "application/json"
            }
         }
        }
    	codec => "json"
      }
    }
    filter {
      geoip {
        source => "[actor][ip]"
      }
    }
    output {
            stdout { codec => rubydebug }
}

following is my output

Badger · December 18, 2020, 5:37pm

This looks similar to your other post. You have an array, which I guess is called result, but at this point you have not split it. If you split it then you will be able to do a geoip lookup on %{[result][actor][ip]}.

ankitdevnalkar · December 18, 2020, 5:49pm

Thanks a lot

system · January 15, 2021, 5:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.