Logstash conf - geoIP not workin

Palino1611 · November 27, 2018, 1:54pm

Hello guys,

please could you help me to identify error in my logstash config? I would like to see in kibana special field for geoip.

My logstash config looks like this:

input {
beats {
port => 5044
host => "0.0.0.0"
}
}
filter {
grok {
match => { "message" => "%{IP:client} <%{IP:hostAddress}> - - [%{HTTPDATE:timestamp}] "%{WORD:method} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes}" }
geoip {
add_field => { "geoIP" => "%{client}" }
}
}
}
output {
elasticsearch {
hosts => localhost
}
}

Thank you

saif · November 27, 2018, 2:20pm

you need to define Geoip mapping template

and modify your geoip filter to

    geoip {
      source => "client"
    }

Palino1611 · November 27, 2018, 8:02pm

PLease how can I do this -> define Geoip mapping template ???

Palino1611 · November 28, 2018, 3:27pm

???? This is dead forum. How else can one get help regarding this if not here?

Christian_Dahlqvist · November 28, 2018, 3:52pm

If you use source => "client" in your Geoip filter and index into the default index name I think the existing template should take care of that for you.

Topic		Replies	Views
Could not able to use geo_ip in logstash 2.4 Logstash	11	1422	July 6, 2017
SOLVED: How to implement Geoip with new index Logstash	2	567	July 6, 2017
Logstash: Как правильно использовать geoip? Вопросы на русском языке	3	689	October 9, 2019
Geoip.location is not displaying in kibana when set up in logstash conf Logstash	3	2038	December 5, 2019
Problems with geoip configuration Logstash	36	18002	July 6, 2017

Logstash conf - geoIP not workin

Related topics