Translate private ip to geo location using external dictionary

ptamba · May 2, 2020, 10:20pm

my mistake, i need to parse the resulting json using json filter. missed this part from the original post. here's working config :

if "src_internal_ip" in [tags] {
    translate {
      exact => true
      regex => true 
      override => true
      refresh_behaviour => "replace"
      field => "[source][ip]"
      destination => "geo_point"
      dictionary_path => "./geo.yml"
    }

    json {
      source => "geo_point"
      target => "[source][geo]"
    }
  }

output:

"source" => {
         "ip" => "10.5.181.74",
        "geo" => {
            "geoip" => {
                     "city_name" => "Jakarta",
                   "region_code" => "JK",
                     "longitude" => 106.822451,
                      "location" => {
                    "lat" => -6.196459,
                    "lon" => 106.822451
                },
                  "country_name" => "Indonesia",
                 "country_code3" => "ID",
                      "latitude" => -6.196459,
                   "region_name" => "Jakarta",
                 "country_code2" => "ID",
                      "timezone" => "Asia/Jakarta",
                "continent_code" => "NA"
            }
        }

thanks @ppafford for the post

Topic		Replies	Views
Translate Config works from STDIN but not Beats input Logstash	3	485	May 11, 2017
Private ip geoip from dictionary Logstash	8	4288	January 1, 2019
Create Custom geoip database for Logstash 5.2 Logstash	21	9091	April 26, 2017
Mapping private IP Address to geolocation with GeoIP Processor Elasticsearch	5	771	August 31, 2021
How to use Translate plugin in grok filter Logstash	6	1782	October 16, 2017

Translate private ip to geo location using external dictionary

Related topics