Creating GeoIP from a CSV file - Logstash



I need to input a CSV file into Logstash, filter out the source IP field and convert it to geoip. My current Kibana information looks like this:

June 29th 2016, 12:22:07.194    message:"Jun 27, 2016, 10:56:17 PM",107.77.212.114,10.119.1.29,HTTP 200 - Ok,CTSUSCHDSXCM003,1 @version:1 @timestamp:June 29th 2016, 12:22:07.194 path:/mnt/shiny/ELT.csv host:ubuntuserver _id:AVWa7d0P6YdQaT-CDTqx _type:logs _index:elt1 _score:

Can someone help me with a Logstash configuration file to achieve this?

I have tried:

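input {
    file {
        path => "/mnt/shiny/ELT.csv"
        # Only applies to files Logstash has not seen before
        start_position => "beginning"
    }
}
filter {
    # Split each line into named columns; the quoted timestamp keeps its commas
    csv {
        columns => ["Start Time","Source IP","Destination IP","Event Name","Log Source","Event Count"]
        separator => ","
    }
    # Look up the source address and store the result under [geoip]
    geoip {
        source => "Source IP"
        target => "geoip"
        database => "/etc/logstash/GeoLiteCity.dat"
        # Build a [longitude, latitude] array
        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
    }
    # The interpolated values are strings; convert them to floats
    mutate {
        convert => [ "[geoip][coordinates]", "float" ]
    }
}
output {
    elasticsearch {
        hosts => "localhost:9200"
        index => "elt1"
    }
}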

Baudsp, is your answer correct? The database was the problem, which I fixed by downloading a new database. Thank you for your help.
