Skip to content

Instantly share code, notes, and snippets.

@isalgueiro
Last active November 30, 2017 09:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save isalgueiro/63652783f01fca9645dbe5f5e13017b5 to your computer and use it in GitHub Desktop.
Save isalgueiro/63652783f01fca9645dbe5f5e13017b5 to your computer and use it in GitHub Desktop.
Adding geoip info in logstash is not an straightforward configuration. You need to adapt `location` field to visualize it properly in Kibana (i.e. use it in a map view).
if [remote_host] =~ /.+/ {
geoip {
source => "remote_host"
}
if "_geoip_lookup_failure" not in [tags] {
mutate {
remove_field => ["[geoip][location]"] # para que non mande un array
}
mutate {
convert => {"[geoip][latitude]" => "float"}
convert => {"[geoip][longitude]" => "float"}
add_field => ["[geoip][location]", "%{[geoip][latitude]},%{[geoip][longitude]}"]
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment