Hello,
I`am having a situation, where i want to monitor Cisco routers, and i want to get both From and To IP address, into my geoIP field.
I havea line in my config file that looks something like
geoip { source => "ClientIP" },
but that field can only hold data about one IP addres.
I was wondering is there a way to store info about 2 IP addresses, and how could i do it?
Thanks for the answers.
Cheers,
Ninoslav.
The geoip filter also has a target option that controls the destination field of the looked-up data (i.e. you need two geoip filters with different source and target values). Note that you'll have to update the index mappings (which is typically done with an index template) to actually turn the field stored in ES into a geo_point field.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.