hello ,
My logs doesn't have any option to longitude and latitude information. Currently these client logs for one location copied to the server at same location and from there logstash sending to elsastcisearch server.
Similarly i have servers at each location.
Is there any way i can add longitude and latitude information from logstash ? so that in elastcisearch i can see the location information.
What would be the source of the geolocation information? The hostname of the Logstash machines, or what did you have in mind?
Hi Magnus,
The host name of the logstash machine will be the geolocation.
This server has internal ip 10...*
Have a look at the translate filter. It lets you define lookup table where Logstash looks up (in this case) the hostname or IP address and gets back a lat/lon pair.
This is my logstash configuration.
input {
file{
path => "E:/DashBoard/OUTBOUND/*"
start_position => "end"
}
}
filter
{
kv {
source => "message"
value_split => "]"
field_split => ","
trimkey => "["
}
}
output {
elasticsearch { hosts => ["xx.xx.xx.xx:9200"] }
stdout { codec => rubydebug }
}
You cannot use geolocation on this because the geoip filter only works on public IPs.
Have a look at Creating geoip data for internal networks, as @magnusbaeck mentioned.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.