I am posting a json from an application to logstash wanting to get the location of an IP-adress with logstashes geoip plugin. However i get a _geoip_lookup_failure.
this is my logstash config
http {
port => "4200"
codec => json
}
}
filter{
geoip {
source => "clientip"
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
this is what I post to the port :
{'used_credentials': [
{'username': 'l', 'number_of_usages': 1, 'used_commands': {},
'get_access': 'false',
'timestamps': {'1': '04/15/2019, 21:08:54'}, 'password': 'l'}],
'clientip': '192.168.xxx.xx',
'unsuccessfull_logins': 1}
and this is what i get in logstash:
{
"unsuccessfull_logins" => 1,
"@version" => "1",
"used_credentials" => [
[0] {
"username" => "l",
"used_commands" => {},
"password" => "l",
"timestamps" => {
"1" => "04/15/2019, 21:08:54"
},
"number_of_usages" => 1,
"get_access" => "false"
}
],
"clientip" => "192.168.xxx.xx",
"@timestamp" => 2019-04-15T19:08:57.147Z,
"host" => "127.0.0.1",
"headers" => {
"request_path" => "/telnet",
"connection" => "keep-alive",
"accept_encoding" => "gzip, deflate",
"http_version" => "HTTP/1.1",
"content_length" => "227",
"http_user_agent" => "python-requests/2.21.0",
"request_method" => "POST",
"http_accept" => "*/*",
"content_type" => "application/json",
"http_host" => "127.0.0.1:4200"
},
"geoip" => {},
"tags" => [
[0] "_geoip_lookup_failure"
]
}
I don't understand why the input is recognized corectly but goeip does not find it
The problem is that your clientip
is in the 192.168.0.0/16
network, which is a private network reserved for local use only, it is not present on the database used by the geoip
filter.
The geoip
filter will only work with public IP addresses.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.