Method 1: Parse with Logstash
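input {
  redis {
    host => "1.1.1.1"
    port => 6379
    db => 0
    data_type => "list"
    key => "LogstashXxx"
    password => "password"
    type => "xx_Nginx_Log"
  }
}
filter {
  if [type] == "xx_Nginx_Log" {
    # Look up remote_addr in the GeoLite2 City database and store the result under [geoip]
    geoip {
      source => "remote_addr"
      target => "geoip"
      database => "/etc/logstash/plugins/GeoLite2-City.mmdb"
    }
  }
}
output {
  if [type] == "xx_Nginx_Log" {
    elasticsearch {
      hosts => ["1.1.1.2:9200"]
      index => "xx-%{+YYYY.MM.dd}"
      user => "elastic"
      # Placeholder; a reference such as "${ES_PWD}" (example name) is resolved
      # from the Logstash keystore or the environment instead of the file
      password => "XxxxxPassword"
    }
  }
  # Uncomment to print events to the console while debugging
  # stdout { codec => rubydebug }
}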
Method 2: Use an Elasticsearch ingest pipeline
1 Configure the pipeline
PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "http_x_forwarded_for"
      }
    }
  ]
}
Replace http_x_forwarded_for with whichever field suits your data.
2 Configure the template
PUT _template/logstash
{
  "order": 0,
  "version": 60001,
  "index_patterns": [
    "logstash-*"
  ],
  "settings": {
    "index": {
      "default_pipeline": "geoip"
    }
  }
}
Result: omitted
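The pipeline in Method 2 feeds http_x_forwarded_for to geoip, but that header is supplied by the client and may hold a comma-separated chain of addresses, so the value to geolocate should be chosen before indexing. The following Python is an added example, not part of the original note; the function names, the trusted-proxy ranges and the sample addresses are assumptions.

```python
import ipaddress

# Assumed ranges of our own reverse proxies / load balancers (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

def _parse(token):
    """Return an ip_address for one header token, or None if it is not an IP."""
    token = (token or "").strip()
    if token.startswith("["):            # "[2001:db8::1]:443" -> "2001:db8::1"
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # "198.51.100.23:4711" -> "198.51.100.23"
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def client_ip_for_geoip(remote_addr, x_forwarded_for):
    """Pick the single address to hand to geoip.

    Walk from the hop nearest to us (remote_addr) back towards the client and
    stop at the first address that is not one of our own proxies. Entries
    further left were written by that untrusted peer and are ignored.
    Returns None when a hop is malformed or only proxies were seen.
    """
    chain = [t for t in (x_forwarded_for or "").split(",") if t.strip() not in ("", "-")]
    hops = [_parse(t) for t in chain] + [_parse(remote_addr)]
    for ip in reversed(hops):
        if ip is None:
            return None                  # malformed hop: do not guess
        if not any(ip in net for net in TRUSTED_PROXIES):
            return str(ip)
    return None

if __name__ == "__main__":
    # Constructed samples: (remote_addr, X-Forwarded-For as logged by nginx)
    for sample in [("10.0.0.5", "198.51.100.23"),
                   ("10.0.0.5", "8.8.8.8, 198.51.100.23"),   # forged leftmost entry
                   ("203.0.113.9", "8.8.8.8"),               # direct hit, forged header
                   ("203.0.113.9", "-")]:
        print(sample, "->", client_ip_for_geoip(*sample))
```

The returned value can be written to a dedicated field at the proxy or in Logstash, and that field named in the geoip processor in place of the raw header.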