- elasticsearch/
elasticsearch logstash-Kibana中的geoip无法使用IP地址显示任何信息
elasticsearch logstash-Kibana中的geoip无法使用IP地址显示任何信息
我想使用ElasticSearch、Kibana和Logstash在世界地图中显示访问我的应用程序的用户数 这是我的日志(Json格式): 这是我的配置文件:
input {
file {
path => ["/mnt/logs/stb.events"]
codec => "json"
type => "event"
}
}
filter {
date {
match => [ "timestamp", "yyyy-MM-dd HH:mm:ss", "ISO8601" ]
}
}
filter {
mutate {
convert => [ "downlink", "integer" ]
}
}
filter {
geoip {
add_tag => [ "geoip" ]
database => "/opt/logstash/vendor/geoip/GeoLiteCity.dat"
source => "public_ip"
target => "geoip"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float" ]
}
}
output {
elasticsearch {
host => localhost
}
}
有人能帮我指出我的错误在哪里吗?由于Logstash 1.3.0,您可以使用自动创建的geoip.location字段,而不是创建坐标字段并手动将其转换为float 您的日志中似乎缺少一个花括号,我想这是正确的格式:
{
"device": {
"public_ip": "70.90.17.210",
"mac": "00:01:02:03:04:05",
"ip": "192.16.1.10"
},
"event": {
"timestamp": "2014-08-15T00:00:00.000Z",
"source": "system",
"name": "status"
},
"status": {
"channel": "channelname",
"section": "pictures",
"downlink": 1362930,
"network": "Wi-Fi"
}
}
然后您应该能够在地图中使用“geoip.location”。我做了大量的研究和调试,发现为了正确解析,当用作源代码时,嵌套字段应该被[]包围。您能显示rubydebug输出的输出吗?`输出{elasticsearch{host=>localhost}stdout{codec=>rubydebug}}`感谢您的回答。你能更详细地解释一下如何运行它吗,因为我对Ruby不太熟悉,提前感谢暗示用我以前的注释中的输出块替换你的输出块OK,我把它添加到我的logstash配置文件中,然后重新启动logstash(它运行正常),我需要查找什么?先谢谢你,谢谢,我稍后再试试
{
"device": {
"public_ip": "70.90.17.210",
"mac": "00:01:02:03:04:05",
"ip": "192.16.1.10"
},
"event": {
"timestamp": "2014-08-15T00:00:00.000Z",
"source": "system",
"name": "status"
},
"status": {
"channel": "channelname",
"section": "pictures",
"downlink": 1362930,
"network": "Wi-Fi"
}
}
filter {
geoip {
source => "[device][public_ip]"
}
}