IF geoip.country_name - country_name

GlennH · April 23, 2018, 5:08pm

I am trying to create a IF statement using country_name for an email output although it is not identifying the field. I have tried geoip.country_name as well.

Has anyone used geoip.country_name to filter in logstash?

output {
     if "Exchange" in [tags] and "_geoip_lookup_failure" not in [tags] and "United States" not in [country_name]{
    email {
      to => 'name@domain'
      from => 'kibana@domain.net'
      subject => 'Non US Exchange Access %{country_name} %{AuthenticatedUser}'
      body => "%{message}"
      domain => 'mail.domain.net'
      port => 25
    }
      }
    }

Badger · April 23, 2018, 6:37pm

That should be [geoip][country_name]

system · May 21, 2018, 6:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.