• geoip


    [elk@Vsftp logstash]$ cat t1.conf 
    # Test pipeline: each line typed on stdin becomes one event, the geoip
    # filter enriches it, and the result is printed to stdout.
    input {
       stdin {
         }
     }
    
    filter {
      geoip {
      # The lookup key is the whole "message" field. That works in this test
      # only because every stdin line is a bare IP address; for real log lines,
      # point source at a field that holds just the parsed client IP.
      source =>"message"
      # add_field is a common filter option that is applied only when the
      # filter succeeds, so [geoip][aa] appears only on events with a geoip hit.
      # Referencing the whole location array with %{...} renders it as one
      # comma-joined string ("105.0,35.0" in the run that follows).
      add_field =>["[geoip][aa]","%{[geoip][location]}"]
     }
    }
    output {
       stdout {
       # rubydebug pretty-prints the full event, which makes the added field
       # easy to inspect.
       codec =>rubydebug
       }
    }
    
    
    [elk@Vsftp logstash]$ logstash -f t1.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2017-01-11T01:42:59.457Z",
              "host" => "Vsftp",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ],
                        "aa" => "105.0,35.0"
        }
    }
    
    
    
    [elk@Vsftp logstash]$ cat t1.conf 
    # Second variant: same stdin -> geoip -> stdout test pipeline, but the
    # copied value is written outside the geoip object.
    input {
       stdin {
         }
     }
    
    filter {
      geoip {
      # Lookup key is the raw "message" field (a bare IP per stdin line here).
      source =>"message"
      # Target is now [scan][aa], so a new top-level "scan" object is created
      # next to "geoip". The value is still the whole location array rendered
      # as a comma-joined string. Events without a geoip hit get no [scan][aa],
      # so anything consuming that field has to tolerate its absence.
      add_field =>["[scan][aa]","%{[geoip][location]}"]
     }
    }
    output {
       stdout {
       codec =>rubydebug
       }
    }
    
    [elk@Vsftp logstash]$ 
    [elk@Vsftp logstash]$ logstash -f t1.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2017-01-11T01:45:14.001Z",
              "host" => "Vsftp",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ]
        },
              "scan" => {
            "aa" => "105.0,35.0"
        }
    }
    
    
    
    [elk@Vsftp logstash]$ cat t1.conf 
    # Same configuration as the previous run, listed again before it is edited
    # with vim: [scan][aa] receives the whole location array as one string.
    input {
       stdin {
         }
     }
    
    filter {
      geoip {
      # Lookup key is the raw "message" field (a bare IP per stdin line here).
      source =>"message"
      # %{[geoip][location]} expands the two-element array to "105.0,35.0".
      add_field =>["[scan][aa]","%{[geoip][location]}"]
     }
    }
    output {
       stdout {
       codec =>rubydebug
       }
    }
    [elk@Vsftp logstash]$ cat t1.conf ^C
    [elk@Vsftp logstash]$ vim t1.conf 
    [elk@Vsftp logstash]$ cat t1.conf 
    # Edited variant: copy a single element of the location array instead of
    # the whole array.
    input {
       stdin {
         }
     }
    
    filter {
      geoip {
      # Lookup key is the raw "message" field (a bare IP per stdin line here).
      source =>"message"
      # [location][0] selects the first array element. In the output that
      # follows it equals "longitude" (105.0), i.e. location is ordered
      # [longitude, latitude]; use [1] for the latitude.
      # NOTE(review): the result carries only country-level fields, so these
      # coordinates look like a country-wide default rather than a precise
      # position - treat them as coarse enrichment, not as a host's location.
      add_field =>["[scan][aa]","%{[geoip][location][0]}"]
     }
    }
    output {
       stdout {
       codec =>rubydebug
       }
    }
    
    [elk@Vsftp logstash]$ logstash -f t1.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2017-01-11T01:48:40.316Z",
              "host" => "Vsftp",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ]
        },
              "scan" => {
            "aa" => 105.0
        }
    }

  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13349932.html