Unable to look up IPv6 in MaxMind's GeoIP database

Time: 2016-03-28 07:49:28

Tags: logstash geoip logstash-grok elastic-stack maxmind

filter {
  geoip {
    source => "remoteip"
    target => "geoip"
    database => "/etc/logstash/mmcity6.dat"
    # Build [geoip][coordinates] as [longitude, latitude]
    add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
    add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
  }
  date {
    locale => "en"
    match => ["timestamp", "dd/MMM/YYYY:HH:mm:ss +0530" ]
    target => "@timestamp"
  }
  kv {
    field_split => "&?"
  }
}

FORWARDEDipV6 [CLIENTIPV6] HOSTNAME [25/Mar/2016:19:47:13 +0530] HIT "GET URL HTTP/1.1" 200 5 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)" 0.000 -

"forwarded_ip": "ipv6",
"remoteip": "IPV6",
"loghost": "HOSTN,E",
"timestamp": "25/Mar/2016:19:47:13 +0530",
"cache": "HIT",
"httpmethod": "GET",
"request": "URL",
"httpversion": "1.1",
"response": "200",
"bytes": 5,
"agent": "\"Apache-HttpClient/UNAVAILABLE (java 1.4)\"",
"request_time": 0

But I am not getting the geolocation.

1 answer:

Answer 0: (score: 0)

Support just landed in Elastic Stack 5..
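Added example, not from the original question or answer: a Logstash 5.x version of the filter above, with a check that makes failed lookups visible. It assumes a GeoLite2 City database at the hypothetical path `/etc/logstash/GeoLite2-City.mmdb` (the 5.x geoip filter reads MaxMind's GeoIP2 `.mmdb` format rather than legacy `.dat` files); the tag name `geoip_missing` is also made up for this example.

```logstash
filter {
  geoip {
    source   => "remoteip"   # same field the question's grok pattern produces
    target   => "geoip"
    # Assumed path: a GeoLite2 City file in MaxMind's .mmdb format.
    database => "/etc/logstash/GeoLite2-City.mmdb"
  }

  # Make failed lookups visible instead of silently missing:
  # tag any event that has a client address but no resolved location.
  if [remoteip] and ![geoip][location] {
    mutate { add_tag => ["geoip_missing"] }
  }
}
```

Searching for the `geoip_missing` tag then shows which client addresses were not enriched, so a lookup gap shows up in the data rather than only as an absent field.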