我正在使用logstash。我已经成功安装了logstash-filter-geoip
但当我尝试使用它时,它返回_geoip_lookup_failure thi在我的logstash.conf文件中
filter{
geoip {
source => "clientip"
}
}
这是我对logstash的输入
55.3.244.1 GET /index.html 15824 0.043
它返回
{
"duration" => "0.043",
"request" => "/index.html",
"@timestamp" => 2017-07-25T14:33:30.495Z,
"method" => "GET",
"bytes" => "15824",
"@version" => "1",
"host" => "DEs-0033",
"client" => "55.3.244.1",
"message" => "55.3.244.1 GET /index.html 15824 0.043",
"tried to use this it returns _geoip_lookup_failuretags" => [
[0] "_geoip_lookup_failure"
]
}
尝试client而不是clientip。
filter{
geoip {
source => "client"
}
}
在您的情况下,clientip字段不存在。你将不得不使用client字段。
另一方面,您可以查看提供示例的IP2Location filter plugin tutorial作为您正在做的事情。例如:
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
ip2location {
source => "clientip"
}
}