Question

我需要输入一个csv文件来logstash，过滤掉源IP字段并将其转换为geoip。我的kibana消息现在是这样的：

June 29th 2016, 12:22:07.194    message:"Jun 27, 2016, 10:56:17 PM",107.77.212.114,10.119.1.29,HTTP 200 - Ok,CTSUSCHDSXCM003,1 @version:1 @timestamp:June 29th 2016, 12:22:07.194 path:/mnt/shiny/ELT.csv host:ubuntuserver _id:AVWa7d0P6YdQaT-CDTqx _type:logs _index:elt1 _score:

有人可以帮我用logstash配置文件来实现同样的目的。

我试过了：

input{
    file{
    path=> "/mnt/shiny/ELT.csv" start_position=>"beginning" }
}

filter{ 
    csv{
        columns => ["Start Time","Source IP","Destination IP","Event Name","Log Source","Event Count"] separator=>"," 
    }
    geoip {
        source => "Source IP" 
        target => "geoip" 
        database => "/etc/logstash/GeoLiteCity.dat" 
        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] 
        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] 
    }
    mutate {
        convert => [ "[geoip][coordinates]", "float"] 
    }                 
}

output{
    elasticsearch{
        hosts=>"localhost:9200" 
        index=>"elt1" 
    }
}

Answer 1

鲍德斯普，你的回答是否正确。数据库是我通过下载新数据来解决的问题。谢谢你的帮助。

从CSV文件创建地理IP - Logstash

1 个答案: