Logstash conf - geoIP not workin

Palino1611 · November 27, 2018, 1:54pm

Hello guys,

please could you help me to identify error in my logstash config? I would like to see in kibana special field for geoip.

My logstash config looks like this:

input {
beats {
port => 5044
host => "0.0.0.0"
}
}
filter {
grok {
match => { "message" => "%{IP:client} <%{IP:hostAddress}> - - [%{HTTPDATE:timestamp}] "%{WORD:method} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response} %{NUMBER:bytes}" }
geoip {
add_field => { "geoIP" => "%{client}" }
}
}
}
output {
elasticsearch {
hosts => localhost
}
}

Thank you

saif · November 27, 2018, 2:20pm

you need to define Geoip mapping template

and modify your geoip filter to

    geoip {
      source => "client"
    }

Palino1611 · November 27, 2018, 8:02pm

PLease how can I do this -> define Geoip mapping template ???

Palino1611 · November 28, 2018, 3:27pm

???? This is dead forum. How else can one get help regarding this if not here?

Christian_Dahlqvist · November 28, 2018, 3:52pm

If you use source => "client" in your Geoip filter and index into the default index name I think the existing template should take care of that for you.

system · December 26, 2018, 3:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Updated geoip Elasticsearch	12	620	March 8, 2021
Problems with geoip configuration Logstash	36	17835	July 6, 2017
Geoip configuration problem Logstash	1	751	July 6, 2017
Logstash unable to filter geoip for nginx Logstash	4	2470	September 7, 2017
Elastic Tile Service - how tos Kibana	5	1073	August 16, 2016

Logstash conf - geoIP not workin

Related topics