GeoIP
-
- Posts: 19
- Joined: Wed Nov 22, 2017 5:07 am
GeoIP
Can we use the geoIP command that is in elastic search to give the country location? https://www.elastic.co/blog/geoip-in-the-elastic-stack. If so is it already packaged or do we need to install it somehow? Thanks
Re: GeoIP
All you need to do to enable it is create a filter using geoip. See https://www.youtube.com/watch?v=xj4GnpMyjc0.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 19
- Joined: Wed Nov 22, 2017 5:07 am
Re: GeoIP
thanks - done that and its awesome!
Just one thing though - when I go to export to a CSV the field "geoip.country_name" is blank, although it has data when viewed in the web GUI. We are running version 2.0.7.
Any thoughts?
Thanks
Just one thing though - when I go to export to a CSV the field "geoip.country_name" is blank, although it has data when viewed in the web GUI. We are running version 2.0.7.
Any thoughts?
Thanks
Re: GeoIP
This is a bug, the CSV export functionality doesn't support subarrays, the developers will need to fix this, I've created a bug report here:
You can edit this file:
And at the bottom, change this:
To this:
Now it should work.
Code: Select all
NEW TASK ID 14353 created - Nagios Log Server Bug Report: LS - Add subarray CSV output support, currently subarray values show as blank
Code: Select all
/var/www/html/nagioslogserver/application/controllers/Dashboard.php
Code: Select all
// Output CSV format
print implode(',', $fields) . "\n";
foreach ($data['hits']['hits'] as $hit) {
$tmp = array();
foreach ($fields as $i) {
$field = "";
if (@isset($hit['_source'][$i])) {
$field = $hit['_source'][$i];
} else {
$field = $hit[$i];
}
}
$tmp[] = '"'.trim(str_replace(array("\r", "\n", "'"), array(" ", " ", "'"), html_entity_decode($field))).'"';
}
print implode(',', $tmp) . "\n";
To this:
Code: Select all
// Output CSV format
print implode(',', $fields) . "\n";
foreach ($data['hits']['hits'] as $hit) {
$tmp = array();
foreach ($fields as $i) {
$field = "";
if (!strpos($i, '.')) {
// If strpos is zero, we really don't know how to handle that, fall through to this anyways.
if (@isset($hit['_source'][$i])) {
$field = $hit['_source'][$i];
} else {
$field = $hit[$i];
}
}
else {
$keys = explode('.', $i);
$field = $hit['_source'];
for ($j = 0; $j < count($keys); $j++) {
if (@isset($field[$keys[$j]])) {
$field = $field[$keys[$j]];
}
}
}
$tmp[] = '"'.trim(str_replace(array("\r", "\n", "'"), array(" ", " ", "'"), html_entity_decode($field))).'"';
}
print implode(',', $tmp) . "\n";
-
- Posts: 19
- Joined: Wed Nov 22, 2017 5:07 am
Re: GeoIP
cheers - will just wait for a fix
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: GeoIP
Great!billy_strath wrote:cheers - will just wait for a fix
Locking