@andrewkroh
Created February 21, 2019 20:05
Ingest Node GeoIP and ASN
```json
{
  "description": "Add Geo and ASN to event",
  "processors": [
    {
      "geoip": {
        "if": "ctx.source?.geo == null",
        "field": "source.ip",
        "target_field": "source.geo",
        "ignore_missing": true
      }
    },
    {
      "geoip": {
        "if": "ctx.destination?.geo == null",
        "field": "destination.ip",
        "target_field": "destination.geo",
        "ignore_missing": true
      }
    },
    {
      "geoip": {
        "if": "ctx.source?.as == null",
        "database_file": "GeoLite2-ASN.mmdb",
        "field": "source.ip",
        "target_field": "source.as",
        "properties": [
          "asn",
          "organization_name"
        ],
        "ignore_missing": true
      }
    },
    {
      "geoip": {
        "if": "ctx.destination?.as == null",
        "database_file": "GeoLite2-ASN.mmdb",
        "field": "destination.ip",
        "target_field": "destination.as",
        "properties": [
          "asn",
          "organization_name"
        ],
        "ignore_missing": true
      }
    },
    {
      "rename": {
        "field": "source.as.asn",
        "target_field": "source.as.num",
        "ignore_missing": true
      }
    },
    {
      "rename": {
        "field": "source.as.organization_name",
        "target_field": "source.as.org",
        "ignore_missing": true
      }
    },
    {
      "rename": {
        "field": "destination.as.asn",
        "target_field": "destination.as.num",
        "ignore_missing": true
      }
    },
    {
      "rename": {
        "field": "destination.as.organization_name",
        "target_field": "destination.as.org",
        "ignore_missing": true
      }
    }
  ]
}
```
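To see what this pipeline actually does to an event without standing up Elasticsearch, here is an added example (not part of the gist, and not Elasticsearch's own implementation) that emulates the two processor types and the `if` guards the pipeline uses over sample events. The MaxMind databases are replaced by constructed in-memory lookup tables keyed on documentation-range IPs, and the condition evaluator only understands the `ctx.a?.b == null` shape that appears in the gist; both are assumptions made for the demonstration. It shows three behaviours worth verifying before shipping such a pipeline: a matching IP gets `geo` and an ECS-shaped `as` object (`num`/`org`, after the renames), an event that already carries `source.geo` is left alone by the null check, and an event with no IP fields passes through untouched thanks to `ignore_missing`.

```python
import copy
import re

# The gist's pipeline processors, reproduced so the script is self-contained.
PIPELINE = [
    {"geoip": {"if": "ctx.source?.geo == null", "field": "source.ip",
               "target_field": "source.geo", "ignore_missing": True}},
    {"geoip": {"if": "ctx.destination?.geo == null", "field": "destination.ip",
               "target_field": "destination.geo", "ignore_missing": True}},
    {"geoip": {"if": "ctx.source?.as == null", "database_file": "GeoLite2-ASN.mmdb",
               "field": "source.ip", "target_field": "source.as",
               "properties": ["asn", "organization_name"], "ignore_missing": True}},
    {"geoip": {"if": "ctx.destination?.as == null", "database_file": "GeoLite2-ASN.mmdb",
               "field": "destination.ip", "target_field": "destination.as",
               "properties": ["asn", "organization_name"], "ignore_missing": True}},
    {"rename": {"field": "source.as.asn", "target_field": "source.as.num", "ignore_missing": True}},
    {"rename": {"field": "source.as.organization_name", "target_field": "source.as.org", "ignore_missing": True}},
    {"rename": {"field": "destination.as.asn", "target_field": "destination.as.num", "ignore_missing": True}},
    {"rename": {"field": "destination.as.organization_name", "target_field": "destination.as.org", "ignore_missing": True}},
]

# Constructed stand-ins for the GeoLite2 databases: made-up records for a
# documentation-range address (RFC 5737). Not real MaxMind data.
FAKE_DBS = {
    "GeoLite2-City.mmdb": {
        "203.0.113.7": {"country_iso_code": "XX", "city_name": "Exampleville",
                        "location": {"lat": 0.0, "lon": 0.0}},
    },
    "GeoLite2-ASN.mmdb": {
        "203.0.113.7": {"asn": 64496, "organization_name": "Example Transit"},
    },
}

def get_path(doc, path):
    """Walk a dotted path; return None if any step is missing (like Painless `?.`)."""
    cur = doc
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def set_path(doc, path, value):
    keys = path.split(".")
    cur = doc
    for key in keys[:-1]:
        cur = cur.setdefault(key, {})
    cur[keys[-1]] = value

def del_path(doc, path):
    keys = path.split(".")
    parent = get_path(doc, ".".join(keys[:-1])) if len(keys) > 1 else doc
    del parent[keys[-1]]

# Only the condition shape the gist uses is supported (assumption of this emulator).
COND_RE = re.compile(r"^ctx\.([\w.?]+) == null$")

def condition_holds(cond, doc):
    m = COND_RE.match(cond)
    if not m:
        raise ValueError(f"unsupported condition: {cond}")
    return get_path(doc, m.group(1).replace("?", "")) is None

def apply_geoip(cfg, doc):
    value = get_path(doc, cfg["field"])
    if value is None:
        if cfg.get("ignore_missing"):
            return          # quietly skip, as ignore_missing: true specifies
        raise KeyError(cfg["field"])
    db = FAKE_DBS[cfg.get("database_file", "GeoLite2-City.mmdb")]
    record = db.get(value)
    if record is None:
        return              # no match in the database: nothing is added
    props = cfg.get("properties")
    set_path(doc, cfg["target_field"],
             {k: v for k, v in record.items() if not props or k in props})

def apply_rename(cfg, doc):
    value = get_path(doc, cfg["field"])
    if value is None:
        if cfg.get("ignore_missing"):
            return
        raise KeyError(cfg["field"])
    if get_path(doc, cfg["target_field"]) is not None:
        raise ValueError(f"target {cfg['target_field']} already exists")
    del_path(doc, cfg["field"])
    set_path(doc, cfg["target_field"], value)

PROCESSORS = {"geoip": apply_geoip, "rename": apply_rename}

def run_pipeline(event):
    """Apply every processor in order to a copy of the event and return the result."""
    doc = copy.deepcopy(event)
    for step in PIPELINE:
        (name, cfg), = step.items()
        if "if" in cfg and not condition_holds(cfg["if"], doc):
            continue
        PROCESSORS[name](cfg, doc)
    return doc

if __name__ == "__main__":
    import json
    sample = {"source": {"ip": "203.0.113.7"}, "destination": {"ip": "198.51.100.9"}}
    print(json.dumps(run_pipeline(sample), indent=2))
```

The renames at the end of the pipeline are what turn the processor's `asn`/`organization_name` output into the ECS `as.number`-style shape the gist wants (`as.num`/`as.org`); the emulator reproduces that so the assertions check the final field names rather than the intermediate ones.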