2017-07-25

Logstash geoip filter returns _geoip_lookup_failure

I am working with Logstash. I have successfully installed logstash-filter-geoip.

But when I try to use it, it returns _geoip_lookup_failure. This is my logstash.conf file:

filter {
    geoip {
        source => "clientip"
    }
}

This is my Logstash input:

55.3.244.1 GET /index.html 15824 0.043 

It returns:

{ 
    "duration" => "0.043", 
    "request" => "/index.html", 
    "@timestamp" => 2017-07-25T14:33:30.495Z, 
    "method" => "GET", 
    "bytes" => "15824", 
    "@version" => "1", 
    "host" => "DEs-0033", 
    "client" => "55.3.244.1", 
    "message" => "55.3.244.1 GET /index.html 15824 0.043", 
    "tags" => [
        [0] "_geoip_lookup_failure"
    ] 
} 

Are you sure you have a field 'clientip'? It does not appear in your example. – baudsp

Answers

0

Try client instead of clientip:

filter {
    geoip {
        source => "client"
    }
}
0

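The clientip field does not exist in your case. You will have to use the client field.

On the other hand, you can check the IP2Location filter plugin tutorial, which provides an example similar to what you are doing. For example: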

filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    ip2location {
        source => "clientip"
    }
}
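
The mismatch both answers point to can be checked before a pipeline is deployed. The following is an added example, not part of the question or of either answer: a small Python check that reports any geoip or ip2location `source` that no grok capture in the same config creates. The grok expression, the config strings and the function names are constructed for illustration; it assumes legacy (non-ECS) grok patterns and ignores fields created by other filters.

```python
import re

# %{SYNTAX:field} or %{SYNTAX:field:type} captures in a grok expression
GROK_CAPTURE = re.compile(r"%\{\w+:([\w\[\]@.-]+)(?::\w+)?\}")
# geoip { ... source => "field" ... } and the same for ip2location
LOOKUP = re.compile(r'\b(geoip|ip2location)\s*\{[^{}]*?\bsource\s*=>\s*"([^"]+)"')
# Assumption: legacy (non-ECS) grok patterns, where these composites emit clientip
COMPOSITES = {"COMBINEDAPACHELOG": {"clientip"}, "COMMONAPACHELOG": {"clientip"}}


def grok_fields(conf):
    """Field names the grok expressions in conf will create."""
    fields = set(GROK_CAPTURE.findall(conf))
    for pattern, produced in COMPOSITES.items():
        if "%{" + pattern + "}" in conf:
            fields |= produced
    return fields


def missing_sources(conf):
    """(plugin, source) pairs whose source field no grok capture creates."""
    known = grok_fields(conf)
    return [(plugin, src) for plugin, src in LOOKUP.findall(conf) if src not in known]


# Constructed grok expression; the question does not show the one actually used.
GROK = ('grok { match => { "message" => "%{IP:client} %{WORD:method} '
        '%{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" } }')
QUESTION_CONF = "filter {\n  " + GROK + '\n  geoip {\n    source => "clientip"\n  }\n}'
FIXED_CONF = QUESTION_CONF.replace('"clientip"', '"client"')
APACHE_CONF = ('filter {\n  grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }\n'
               '  ip2location {\n    source => "clientip"\n  }\n}')

if __name__ == "__main__":
    for name, conf in [("question", QUESTION_CONF), ("fixed", FIXED_CONF),
                       ("apache", APACHE_CONF)]:
        print(name, missing_sources(conf))
```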