geoip {
# Look up the address held in the "remoteip" field and write the result under
# the "geoip" field, using the database file named below.
# NOTE(review): the discussion around this config says IPv6 lookups are only
# supported from Elastic Stack 5 onward; on older releases an IPv6 "remoteip"
# would presumably leave "geoip" empty. Confirm the Logstash version in use.
source => "remoteip"
target => "geoip"
database => "/etc/logstash/mmcity6.dat"
# Both add_field entries target the same key, so the values are appended in
# order: longitude first, then latitude. Keep this order.
# The %{...} references are interpolated as strings. If [geoip][coordinates]
# is meant to be indexed as a geo point, a numeric conversion is presumably
# needed elsewhere in the pipeline. None is visible here; TODO confirm.
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
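date {
# Parse the access-log time held in "timestamp" and store it in @timestamp.
locale => "en"
# "Z" parses the numeric UTC offset (e.g. +0530) from the log line itself.
# A literal "+0530" in the pattern is only matched as text and then ignored,
# so the time would be interpreted in the Logstash host's zone, and events
# carrying any other offset would fail to parse. Skewed event times make it
# harder to correlate these logs with other sources.
match => ["timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
target => "@timestamp"
}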
kv {
# Split key=value pairs on "&" or "?" (field_split is a set of characters).
# No "source" is set, so the filter reads its default field ("message"),
# i.e. the whole raw log line, not just the request URL.
# NOTE(review): the keys come from client-controlled request text and are
# written as event fields, so a client can create arbitrary field names or
# collide with fields set by earlier filters. Consider bounding this with
# the kv options "source", "include_keys", and "target" or "prefix".
field_split => "&?"
}
}
转发的 ipV6 [CLIENTIPV6] 主机名 [25/Mar/2016:19:47:13 +0530] HIT "GET URL HTTP/1.1" 200 5 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)" 0.000 -
"forwarded_ip": "ipv6",
"remoteip": "IPV6",
"loghost": "HOSTN,E",
"timestamp": "25/Mar/2016:19:47:13 +0530",
"cache": "HIT",
"httpmethod": "GET",
"request": "URL",
"httpversion": "1.1",
"response": "200",
"bytes": 5,
"agent": ""Apache-HttpClient/UNAVAILABLE (java 1.4)"",
"request_time": 0
但我没有得到地理位置
geoip 过滤器对 IPv6 的支持是从 Elastic Stack 5 才开始提供的。