• geoip设置


    [elk@node01 conf]$ cat elk.conf 
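    # Pipeline: read lines of the form "<HTTPDATE> <client address>" from stdin,
    # enrich the address with GeoIP data and print the event for inspection.
    input {
        stdin {}
    }

    filter {
        # Split the line into a timestamp and a client address.
        # The separator must be \s+ (one or more whitespace characters); without
        # the backslash grok looks for a literal "s" and the sample line
        # "12/Sep/2016:21:32:33 +0800 202.101.172.35" would never match.
        # Non-matching lines are tagged _grokparsefailure by grok and carry no
        # clientip field, so they receive no geoip data.
        # IPORHOST also accepts hostnames; use %{IP:clientip} instead if only
        # literal addresses should reach the geoip lookup.
        grok {
            match => ["message", "%{HTTPDATE:logdate}\s+%{IPORHOST:clientip}"]
        }

        # Use the time parsed from the log line as the event's @timestamp.
        date {
            match => ["logdate", "dd/MMM/yyyy:HH:mm:ss Z"]
        }

        # Keep the original timestamp string under the name "curdate".
        mutate {
            rename => {"logdate" => "curdate"}
        }

        # Look up clientip in the local GeoLite City database and store the
        # result under [geoip].
        # GeoLiteCity.dat is the legacy database format; newer releases of the
        # geoip filter expect a GeoLite2 (.mmdb) file instead.
        # The two add_field entries build [geoip][coordinates] as
        # [longitude, latitude], the same order as the [geoip][location] array
        # the filter already produces.
        geoip {
            source => "clientip"
            target => "geoip"
            database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"
            add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
            add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
        }
    }

    output {
        # rubydebug pretty-prints every field of the event, which makes it easy
        # to check the parsed and enriched result.
        stdout {
            codec => rubydebug
        }
    }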
    
    [elk@node01 conf]$ logstash -f elk.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    12/Sep/2016:21:32:33 +0800 202.101.172.35
    {
           "message" => "12/Sep/2016:21:32:33 +0800 202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2016-09-12T13:32:33.000Z",
              "host" => "node01",
          "clientip" => "202.101.172.35",
           "curdate" => "12/Sep/2016:21:32:33 +0800",
             "geoip" => {
                          "ip" => "202.101.172.35",
               "country_code2" => "CN",
               "country_code3" => "CHN",
                "country_name" => "China",
              "continent_code" => "AS",
                 "region_name" => "02",
                   "city_name" => "Hangzhou",
                    "latitude" => 30.293599999999998,
                   "longitude" => 120.16140000000001,
                    "timezone" => "Asia/Shanghai",
            "real_region_name" => "Zhejiang",
                    "location" => [
                [0] 120.16140000000001,
                [1] 30.293599999999998
            ],
                 "coordinates" => [
                [0] 120.16140000000001,
                [1] 30.293599999999998
            ]
        }
    }
    
    
    [elk@node01 conf]$ cat elk.conf 
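    # Same pipeline as before, plus one extra field that shows how to reference
    # a single element of a nested array in the geoip result.
    input {
        stdin {}
    }

    filter {
        # Split the line into a timestamp and a client address.
        # The separator must be \s+ (one or more whitespace characters); without
        # the backslash grok looks for a literal "s" and the sample line would
        # never match. Non-matching lines are tagged _grokparsefailure by grok.
        grok {
            match => ["message", "%{HTTPDATE:logdate}\s+%{IPORHOST:clientip}"]
        }

        # Use the time parsed from the log line as the event's @timestamp.
        date {
            match => ["logdate", "dd/MMM/yyyy:HH:mm:ss Z"]
        }

        # Keep the original timestamp string under the name "curdate".
        mutate {
            rename => {"logdate" => "curdate"}
        }

        # Look up clientip in the local GeoLite City database (legacy .dat
        # format) and store the result under [geoip].
        geoip {
            source => "clientip"
            target => "geoip"
            database => "/usr/local/logstash-2.3.4/etc/GeoLiteCity.dat"
            # [geoip][coordinates] becomes [longitude, latitude].
            add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
            add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
            # [geoip][location][0] is the first element of the location array,
            # i.e. the longitude; it is copied to the top-level field "xxipyy".
            add_field => ["xxipyy", "%{[geoip][location][0]}"]
        }
    }

    output {
        # rubydebug pretty-prints every field of the event.
        stdout {
            codec => rubydebug
        }
    }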
    [elk@node01 conf]$ logstash -f elk.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    12/Sep/2016:21:32:33 +0800 202.101.172.35
    {
           "message" => "12/Sep/2016:21:32:33 +0800 202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2016-09-12T13:32:33.000Z",
              "host" => "node01",
          "clientip" => "202.101.172.35",
           "curdate" => "12/Sep/2016:21:32:33 +0800",
             "geoip" => {
                          "ip" => "202.101.172.35",
               "country_code2" => "CN",
               "country_code3" => "CHN",
                "country_name" => "China",
              "continent_code" => "AS",
                 "region_name" => "02",
                   "city_name" => "Hangzhou",
                    "latitude" => 30.293599999999998,
                   "longitude" => 120.16140000000001,
                    "timezone" => "Asia/Shanghai",
            "real_region_name" => "Zhejiang",
                    "location" => [
                [0] 120.16140000000001,
                [1] 30.293599999999998
            ],
                 "coordinates" => [
                [0] 120.16140000000001,
                [1] 30.293599999999998
            ]
        },
            "xxipyy" => 120.16140000000001
    }
    

  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13349644.html