Hi All
I've problems with mi geoip ip configuration, i've kibana 4.1.1 with logstash 1.5.3 and apache 2.4.
This is my personalized geoip file configuration on logstash, i called 12-geoip.conf :
filter {
if [type] == "apache_access" {
grok {
match => { "message" => "%{COMMONAPACHELOG}" }
}
geoip {
source => "clientip"
target => "geoip.location"
database => "/etc/logstash/GeoLiteCity.dat"
add_field => [ "[geoip.location][coordinates]", "%{[geoip.location][longitude]}" ]
add_field => [ "[geoip.location][coordinates]", "%{[geoip.location][latitude]}" ]
}
mutate {
convert => [ "[geoip.location][coordinates]", "float"]
}
}
}
Mi apache configuration on other file
filter {
if [type] == "apache" {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
add_field => [ "received_from", "%{host}" ]
}
}
}
My problem is that Kibana don't appears the "geoip" field, but clientip, hostname, etc.... appears.
Part of my logstash-forwarder configuration
{
"paths": [
"/var/log/apache2/*error.log",
"/var/log/apache2/*access-ssl.log"
],
"fields": { "type": "apache" }
},
{
"paths": [
"/var/log/apache2/*access.log"
],
"fields": { "type": "apache_access" }
}
]
}
And my logstash-forwarder registered events:
2015/09/04 09:07:57.807119 Registrar: processing 5 events
2015/09/04 09:08:45.244783 Registrar: processing 2 events
2015/09/04 09:08:50.238178 Registrar: processing 2 events
2015/09/04 09:09:02.744967 Registrar: processing 1 events
Thax so much.