zoukankan      html  css  js  c++  java

  • geoip

    [elk@Vsftp logstash]$ cat t1.conf 
input {
   stdin {
     }
 }

filter {
  geoip {
  source =>"message"
  add_field =>["[geoip][aa]","%{[geoip][location]}"]
 }
}
output {
   stdout {
   codec =>rubydebug
   }
}


[elk@Vsftp logstash]$ logstash -f t1.conf 
Settings: Default pipeline workers: 4
Pipeline main started
202.101.172.35
{
       "message" => "202.101.172.35",
      "@version" => "1",
    "@timestamp" => "2017-01-11T01:42:59.457Z",
          "host" => "Vsftp",
         "geoip" => {
                    "ip" => "202.101.172.35",
         "country_code2" => "CN",
         "country_code3" => "CHN",
          "country_name" => "China",
        "continent_code" => "AS",
              "latitude" => 35.0,
             "longitude" => 105.0,
              "location" => [
            [0] 105.0,
            [1] 35.0
        ],
                    "aa" => "105.0,35.0"
    }
}



[elk@Vsftp logstash]$ cat t1.conf 
input {
   stdin {
     }
 }

filter {
  geoip {
  source =>"message"
  add_field =>["[scan][aa]","%{[geoip][location]}"]
 }
}
output {
   stdout {
   codec =>rubydebug
   }
}

[elk@Vsftp logstash]$ 
[elk@Vsftp logstash]$ logstash -f t1.conf 
Settings: Default pipeline workers: 4
Pipeline main started
202.101.172.35
{
       "message" => "202.101.172.35",
      "@version" => "1",
    "@timestamp" => "2017-01-11T01:45:14.001Z",
          "host" => "Vsftp",
         "geoip" => {
                    "ip" => "202.101.172.35",
         "country_code2" => "CN",
         "country_code3" => "CHN",
          "country_name" => "China",
        "continent_code" => "AS",
              "latitude" => 35.0,
             "longitude" => 105.0,
              "location" => [
            [0] 105.0,
            [1] 35.0
        ]
    },
          "scan" => {
        "aa" => "105.0,35.0"
    }
}



[elk@Vsftp logstash]$ cat t1.conf 
input {
   stdin {
     }
 }

filter {
  geoip {
  source =>"message"
  add_field =>["[scan][aa]","%{[geoip][location]}"]
 }
}
output {
   stdout {
   codec =>rubydebug
   }
}
[elk@Vsftp logstash]$ cat t1.conf ^C
[elk@Vsftp logstash]$ vim t1.conf 
[elk@Vsftp logstash]$ cat t1.conf 
input {
   stdin {
     }
 }

filter {
  geoip {
  source =>"message"
  add_field =>["[scan][aa]","%{[geoip][location][0]}"]
 }
}
output {
   stdout {
   codec =>rubydebug
   }
}

[elk@Vsftp logstash]$ logstash -f t1.conf 
Settings: Default pipeline workers: 4
Pipeline main started
202.101.172.35
{
       "message" => "202.101.172.35",
      "@version" => "1",
    "@timestamp" => "2017-01-11T01:48:40.316Z",
          "host" => "Vsftp",
         "geoip" => {
                    "ip" => "202.101.172.35",
         "country_code2" => "CN",
         "country_code3" => "CHN",
          "country_name" => "China",
        "continent_code" => "AS",
              "latitude" => 35.0,
             "longitude" => 105.0,
              "location" => [
            [0] 105.0,
            [1] 35.0
        ]
    },
          "scan" => {
        "aa" => 105.0
    }
}
  • 相关阅读:
    传球接力
    业务办理
    P2077 红绿灯
    【UR #4】元旦激光炮
    P1939 【模板】矩阵加速(数列)
    #82. 【UR #7】水题生成器
    Visible Trees HDU
    创始人的领导力和合伙人选择
    面向对象笔试题练习一
    MicroPython+北斗+GPS+GPRS:TPYBoardv702短信功能使用说明
  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13349932.html
Copyright © 2011-2022 走看看