Here it is (albeit spread out over different files in conf.d)
# Beats listener: accepts events from Beats shippers on 10.0.3.1:5044.
# NOTE(review): no TLS options are set in this snippet, so shippers connect in
# plaintext and any host that can reach the port can submit events. If that
# network is not fully trusted, enable the plugin's TLS settings (ideally with
# client-certificate verification) and restrict 5044 at the firewall. Option
# names differ between plugin versions; check the docs for the installed one.
input {
  beats {
    port => 5044
    host => "10.0.3.1"
  }
}
# Parse nginx access-log events in three steps: grok -> date -> geoip.
# Only events whose [type] is "nginx_access" are touched.
filter {
  if [type] == "nginx_access" {
    # NGINXACCESS is presumably a custom pattern defined under patterns_dir;
    # its definition is not shown here. The fields used below (timestamp,
    # clientip) are assumed to be captured by it; verify against the pattern file.
    # NOTE(review): the pattern directory should be writable only by the
    # account that administers Logstash, since editing it changes how every
    # log line is parsed.
    grok {
      match => { "message" => "%{NGINXACCESS}" }
      patterns_dir => ["/home/csapp/.logstash/patterns"]
    }

    # Use the request time from the log line as the event time. With no
    # target set, the date filter writes to @timestamp.
    date {
      match => ["timestamp", "dd/MMM/YYYY:HH:mm:ss Z"]
    }

    # Enrich with location data looked up from the client address.
    # NOTE(review): if nginx sits behind a proxy or load balancer, clientip
    # may be the proxy's address rather than the real client; confirm.
    # NOTE(review): a .dat file is the legacy GeoIP format; newer geoip filter
    # versions expect a MaxMind DB (.mmdb) file. Check the installed version.
    geoip {
      database => "/home/csapp/.logstash/GeoLiteCity.dat"
      source => "clientip"
    }
  }
}
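# Index nginx access events with a 4xx or 5xx status into a daily
# Elasticsearch index. Nothing else is written by this output.
#
# The status test was /^(5\d\d|^4\d\d)/; the "^" inside the alternation was
# redundant. /^[45]\d\d/ matches exactly the same values.
#
# NOTE(review): events without a matching [response] (2xx/3xx, or lines where
# grok failed and the field is absent) are not indexed here. Unless another
# output keeps them, successful requests and unparseable lines are unavailable
# for later investigation.
output {
  if [type] == "nginx_access" and [response] =~ /^[45]\d\d/ {
    elasticsearch {
      # NOTE(review): no TLS option is set in this snippet. Unless the masked
      # host entry carries an https scheme or TLS is configured elsewhere, the
      # basic-auth credentials and the log data travel unencrypted.
      hosts => ["*****:9200"]
      index => "nginx_access-%{+YYYY.MM.dd}"

      # NOTE(review): "admin" looks like a high-privilege account. Prefer a
      # dedicated user whose role only allows writing to nginx_access-* indices.
      user => "admin"

      # NOTE(review): avoid a literal password in conf.d. Logstash resolves
      # ${NAME} references from its keystore or the environment, e.g.
      # password => "${ES_PWD}" (ES_PWD is a placeholder name). Keep the
      # config files readable only by the Logstash service account.
      password => "*******"
    }
  }
}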