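Logstash resolves IP addresses using the GeoIP database set in its configuration. Here an open-source IP data source is used to determine where client IPs are located. Official site: MAXMIND
Download the GeoLiteCity database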
wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
tar -zxvf GeoLite2-City.tar.gz
cp GeoLite2-City.mmdb /data/logstash/
/data/logstash is the Logstash installation directory
Edit the configuration file (your own config/logstash.conf)
Add the following to the filter section
geoip {
  source => "http_x_forwarded_for" # client IP taken from nginx
  target => "geoip"
  database => "/data/logstash/GeoLite2-City.mmdb"
  # Build [geoip][coordinates] as an array: longitude first, then latitude
  add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
  add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
  # add_field produces strings; convert them to numbers
  convert => [ "[geoip][coordinates]", "float" ]
}
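The http_x_forwarded_for value used as the geoip source above comes from a request header that the client can set and that may hold a comma-separated chain of addresses, so the value being geolocated deserves a check. The following Ruby sketch is an added example, not part of the original post: it picks the right-most address that was not appended by your own proxies. The function name and the trusted proxy ranges are assumptions made for illustration.

```ruby
require 'ipaddr'

# Constructed example values: networks of the proxies you operate yourself,
# i.e. the only hops whose X-Forwarded-For entries can be believed.
TRUSTED_PROXIES = %w[10.0.0.0/8 127.0.0.1/32].map { |cidr| IPAddr.new(cidr) }

# Hypothetical helper: return the single address worth geolocating,
# or nil when the header holds nothing usable.
def client_ip_from_xff(header, trusted = TRUSTED_PROXIES)
  return nil if header.nil?

  entries = header.split(',').map(&:strip).reject(&:empty?)

  # Walk right to left. The right-most entries were appended by our own
  # proxies; everything left of the first untrusted hop was supplied by
  # the client and cannot be verified.
  entries.reverse_each do |entry|
    begin
      ip = IPAddr.new(entry)
    rescue IPAddr::Error
      return nil # "-" (logged by nginx when the header is absent), "unknown", junk
    end
    next if trusted.any? { |net| net.include?(ip) }
    return ip.to_s
  end

  nil # every hop was one of our own proxies
end

# Constructed sample header values, as they might appear in an access log.
if __FILE__ == $PROGRAM_NAME
  [
    '203.0.113.7, 10.0.0.5',               # normal request through one proxy
    '8.8.8.8, 198.51.100.23, 10.0.0.5',    # client prepended a fake address
    '-'                                    # header absent
  ].each { |h| puts "#{h.inspect} -> #{client_ip_from_xff(h).inspect}" }
end
```

In the second sample the address the client prepended (8.8.8.8) is ignored, because the lookup stops at the first hop that is not one of the trusted proxies.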