IF geoip.country_name - country_name

GlennH · April 23, 2018, 5:08pm

I am trying to create a IF statement using country_name for an email output although it is not identifying the field. I have tried geoip.country_name as well.

Has anyone used geoip.country_name to filter in logstash?

output {
     if "Exchange" in [tags] and "_geoip_lookup_failure" not in [tags] and "United States" not in [country_name]{
    email {
      to => 'name@domain'
      from => 'kibana@domain.net'
      subject => 'Non US Exchange Access %{country_name} %{AuthenticatedUser}'
      body => "%{message}"
      domain => 'mail.domain.net'
      port => 25
    }
      }
    }

Badger · April 23, 2018, 6:37pm

That should be [geoip][country_name]

system · May 21, 2018, 6:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash if condition Logstash	6	9377	July 6, 2017
Logstash trying to replace geoip.country_name Logstash	2	419	November 22, 2017
Checking Existence of Sub-Field Revisited Logstash	5	488	February 15, 2019
Logstash Geo IP address wrong country code Logstash	1	359	April 15, 2019
Confusion around geo.country_iso_code vs country_code2 Logstash	3	370	July 14, 2022

IF geoip.country_name - country_name

Related topics