How to set up Logstash with geoip

I want to enable this

Please explain better what you're trying to achieve and what you have so far. What does your data look like, for example?

Hi Magnus
I am collecting my DNS logs, and I am able to do so with Packetbeat sending DNS logs to the ELK stack. All I want to do now is add the geographical data for clients' queries to my DNS server.
I can share my Kibana web interface with you if that will help provide more detail, as I am new to this.
FYI
I just heard about the ELK Stack from someone else, googled everything, and was able to put things together just last week after 3 weeks of searching ... woohoo !!! I made it ...
Anyway, the point is I am new and not a programmer, but hopefully I will be able to get the most out of this wonderful application.

Hope to hear from you soon.

Maile.

If you're sending Packetbeat data via Logstash, use the geoip filter plugin to turn IP addresses into latitude/longitude values. If you're sending Packetbeat data directly to Elasticsearch (and you're using ES 5.0 or later) use the GeoIP ingest processor.

Yes, I am using ES 5.1 .... Could you suggest a link or hint for the method proposed above ....
Thanks in advance ..
Maile.

Which of the methods? I briefly described two of them.

I guess it is the first, as I am using Output Logstash set in my Packetbeat config .....

Do you think this is what I am looking for ???

on this link I sent above where i can out step number 2 ........

Should I change anything in the Logstash config ???
Appreciate your kind reply.
Thanks
Maile.

Anybody here ???

Hi Magnus
Can you reply to my email above ...
Thanks.

I guess it is the first, as I am using Output Logstash set in my Packetbeat config .....

Then add a geoip filter to your Logstash configuration and point it at the field where you have the IP address you want to visualize, e.g. like this:

filter {
  geoip {
    source => "name-of-ip-address-field"
  }
}

Can you reply to my email above ...

Do you really expect me to respond to your questions at 21:30 on a Sunday night?
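
A fuller pipeline built around the geoip filter suggested above, as an added example that is not part of the original thread. It assumes Packetbeat 5.x DNS events, where the querying client's address is in `client_ip` and `type` is `dns`; the port, Elasticsearch host, the `client_geoip` target name and the `internal_client` tag are assumptions to adapt.

```logstash
# Added example (not from the thread). Field names assume Packetbeat 5.x DNS events.
input {
  beats {
    port => 5044                      # assumed Beats listener port
  }
}

filter {
  # Enrich only DNS transactions that actually carry a client address.
  if [type] == "dns" and [client_ip] {
    # Clients on private or loopback ranges have no entry in a GeoIP database.
    # Tag them instead of letting every internal query count as a lookup failure.
    cidr {
      address => [ "%{client_ip}" ]
      network => [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8" ]
      add_tag => [ "internal_client" ]
    }

    if "internal_client" not in [tags] {
      geoip {
        source         => "client_ip"      # field holding the IP to look up
        target         => "client_geoip"   # keep the result apart from other geo fields
        tag_on_failure => [ "_geoip_lookup_failure" ]
      }
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]       # assumed Elasticsearch address
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
}
```

For a Kibana map, the `client_geoip.location` field must be mapped as `geo_point` in the index template for the target index. Events tagged `_geoip_lookup_failure` are worth a saved search, since a rising count usually means the database is stale or the wrong field is being used as the source.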

Sorry Magnus

Appreciate your kind reply.

Will send you more mail tomorrow as I was away today.

Regards

Maile.
