Sidehistorik

...

Advarsel

This is for sure because I use "filebeat" as index for apache logs, and not "logstash" as is default (if logstash ships directly to Elasticseach). The filebeat template in /etc/filebeat/filebeat.template.json has hos Geo infono geo/location mappings, and I am not sure its even used, ; as Elasticseach just creates the index upon getting data in..

In /etc/logstash/conf.d/10-beats-input.conf I do have:

Kodeblok

geoip {
      source => "clientip"
      target => "geoip"
      database => "/etc/logstash/GeoLite2-City.mmdb"
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
    }
    mutate {
      convert => [ "[geoip][coordinates]", "float"]
    }

but that seems to be "not enough" - possibly because I have no output template defined in /etc/logstash/conf.d/30-elasticsearch-output.conf

...

Content

Rum-værktøjer

Versioner sammenlignet

Gammel version 4

Ny version 5

Nøgle