I am using Logstash. I have successfully installed logstash-filter-geoip,
but when I try to use it, it returns _geoip_lookup_failure. This is in my logstash.conf file:
filter {
  geoip {
    source => "clientip"
  }
}
This is my input to Logstash:
55.3.244.1 GET /index.html 15824 0.043
It returns:
{
      "duration" => "0.043",
       "request" => "/index.html",
    "@timestamp" => 2017-07-25T14:33:30.495Z,
        "method" => "GET",
         "bytes" => "15824",
      "@version" => "1",
          "host" => "DEs-0033",
        "client" => "55.3.244.1",
       "message" => "55.3.244.1 GET /index.html 15824 0.043",
          "tags" => [
        [0] "_geoip_lookup_failure"
    ]
}
Answer 0 (score: 0)
Try client instead of clientip.
filter {
  geoip {
    source => "client"
  }
}
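Answer 1 (score: 0)
The clientip field does not exist in your case. You have to use the client field.
On the other hand, you can take a look at the IP2Location filter plugin tutorial, which provides an example similar to what you are doing. For example:
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  ip2location {
    source => "clientip"
  }
}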
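
A complete pipeline for the input line in the question, as an added example that is not part of the original posts. The grok pattern is an assumption (the question does not show its grok filter) chosen because it yields the same field names as the output above, and the geoip_source_missing tag name is hypothetical.

```logstash
input { stdin { } }

filter {
  # Assumed pattern: produces the client, method, request, bytes and
  # duration fields seen in the question's output.
  grok {
    match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
  }

  # Run the lookup only when the field named in "source" exists on the event,
  # so a field-name mismatch is not confused with a genuine lookup failure.
  if [client] {
    geoip {
      source => "client"
    }
  } else {
    # Hypothetical tag name, used here to flag events with no IP field.
    mutate { add_tag => ["geoip_source_missing"] }
  }
}

output { stdout { codec => rubydebug } }
```

With the guard in place, an event tagged _geoip_lookup_failure means the IP was present but could not be resolved, while geoip_source_missing points at a parsing or field-name problem.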