hello,
i have two geoip sources the first is "clientip" and the second is "clientip_e"
so i use this syntax but nothing #it's error!!!
geoip{
source => {"clientip"
}
}
geoip{
source => {"clientip_e"
}
}
how can i do ???
hello,
i have two geoip sources the first is "clientip" and the second is "clientip_e"
so i use this syntax but nothing #it's error!!!
geoip{
source => {"clientip"
}
}
geoip{
source => {"clientip_e"
}
}
how can i do ???
Hi @med_amine,
first, just FYI, it is much easier to read the config if you format it as Preformated text
Do you get any error messages?
source => {"clientip"
}
Remove the braces.
But i have two fields which are the sources ,so what is the syntax to set two sources : clentip and clientip_e
Try
geoip {
source => "clientip"
}
geoip {
source => "clientip_e"
}
Looks like you can only have one source per geoip
filter https://www.elastic.co/guide/en/logstash/6.3/plugins-filters-geoip.html#plugins-filters-geoip-source
If that does not work you can probably use a couple of if
s
But what is Logstash supposed to do with these fields? Will only one of them be populated at a time (and the parsed result should be stored in one field) or do you want it to always process both source fields and store the results in different fields?
thks it turns right now !
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.