  • geoip

    [elk@Vsftp logstash]$ cat t1.conf 
    # Each line typed on standard input becomes one event; the text lands in "message".
    input {
      stdin { }
    }

    filter {
      # GeoIP enrichment: the address in "message" is looked up and the result is
      # stored under [geoip]. This works here only because the whole line is a bare
      # IP; a real log pipeline would point `source` at a parsed client-address field.
      geoip {
        source => "message"
        # add_field is applied only when the lookup succeeds. The sprintf reference
        # expands the two-element [geoip][location] array into one comma-joined
        # string, written next to the other lookup results as [geoip][aa].
        add_field => { "[geoip][aa]" => "%{[geoip][location]}" }
      }
    }

    output {
      # Dump the full event structure to the terminal for inspection.
      stdout {
        codec => rubydebug
      }
    }
    
    
    [elk@Vsftp logstash]$ logstash -f t1.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2017-01-11T01:42:59.457Z",
              "host" => "Vsftp",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ],
                        "aa" => "105.0,35.0"
        }
    }
    
    
    
    [elk@Vsftp logstash]$ cat t1.conf 
    # Events come from standard input, one per line.
    input {
      stdin { }
    }

    filter {
      geoip {
        # Field holding the IP address to look up.
        source => "message"
        # Same value as before, but written to a new top-level [scan] object
        # instead of inside [geoip]; the lookup result itself is left untouched.
        # Events whose lookup fails will not carry [scan][aa], so downstream
        # rules should not assume the field is always present.
        add_field => { "[scan][aa]" => "%{[geoip][location]}" }
      }
    }

    output {
      # Print each enriched event in rubydebug form.
      stdout {
        codec => rubydebug
      }
    }
    
    [elk@Vsftp logstash]$ 
    [elk@Vsftp logstash]$ logstash -f t1.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2017-01-11T01:45:14.001Z",
              "host" => "Vsftp",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ]
        },
              "scan" => {
            "aa" => "105.0,35.0"
        }
    }
    
    
    
    [elk@Vsftp logstash]$ cat t1.conf 
    # Unchanged from the previous run: stdin in, geoip lookup, rubydebug out.
    input {
      stdin { }
    }

    filter {
      geoip {
        source => "message"
        # Writes the whole location array, rendered as a comma-joined string,
        # to [scan][aa]. This is the line edited in the next step.
        add_field => { "[scan][aa]" => "%{[geoip][location]}" }
      }
    }

    output {
      stdout {
        codec => rubydebug
      }
    }
    [elk@Vsftp logstash]$ cat t1.conf ^C
    [elk@Vsftp logstash]$ vim t1.conf 
    [elk@Vsftp logstash]$ cat t1.conf 
    # Events come from standard input, one per line.
    input {
      stdin { }
    }

    filter {
      geoip {
        source => "message"
        # Index into the location array: element 0 is the longitude and element 1
        # the latitude (compare the "longitude"/"latitude" values in the output),
        # so [scan][aa] now holds only the longitude.
        add_field => { "[scan][aa]" => "%{[geoip][location][0]}" }
      }
    }

    output {
      # Print each enriched event in rubydebug form.
      stdout {
        codec => rubydebug
      }
    }
    
    [elk@Vsftp logstash]$ logstash -f t1.conf 
    Settings: Default pipeline workers: 4
    Pipeline main started
    202.101.172.35
    {
           "message" => "202.101.172.35",
          "@version" => "1",
        "@timestamp" => "2017-01-11T01:48:40.316Z",
              "host" => "Vsftp",
             "geoip" => {
                        "ip" => "202.101.172.35",
             "country_code2" => "CN",
             "country_code3" => "CHN",
              "country_name" => "China",
            "continent_code" => "AS",
                  "latitude" => 35.0,
                 "longitude" => 105.0,
                  "location" => [
                [0] 105.0,
                [1] 35.0
            ]
        },
              "scan" => {
            "aa" => 105.0
        }
    }

  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13349932.html