Better Apache Dashboard - no GeoIP info

Post by **eloyd** » Thu Oct 23, 2014 10:01 am

Do I need to do something special to enable GeoIP from our Apache 2.2 access logs? I'm not seeing any of it show up in Scott's otherwise fantastic Better Apache Dashboard.

scottwilkerson · Post by **scottwilkerson** » Thu Oct 23, 2014 2:37 pm

Add the filter as you see on slide 19
http://www.slideshare.net/nagiosinc/sco ... ith-nagios

Code: Select all

if [program] == 'apache_access' {
    geoip {
        source => 'clientip'
    }
}

Then apply configuration

One caveat is it will not be retroactive but will start on all logs coming in after that is applied

scottwilkerson · Post by **scottwilkerson** » Thu Oct 23, 2014 2:42 pm

I edited the exchange listing to reflect the need for this filter

Better Apache Log Analysis

Post by **eloyd** » Thu Oct 23, 2014 3:18 pm

Okay, I do remember that now, but I am a total ELK newb. How do I get your JSON from two posts ago into my NLS?

tmcdonald · Post by **tmcdonald** » Thu Oct 23, 2014 3:22 pm

Administration -> Global Configuration -> Add Filter. Make sure to save, verify, then apply.

Post by **eloyd** » Thu Oct 23, 2014 3:29 pm

Aaaah. Okay. I was trying to do it through "Manage queries" and importing. This works much better. In fact, it works!!

Thanks!

See? Good thing you didn't click that eloyd button!

tmcdonald · Post by **tmcdonald** » Thu Oct 23, 2014 3:55 pm

Queries are also JSON-encoded, so I can understand the mixup.

And hey, the eloyd button might come in handy later if we offer an iPad 3 next year

scottwilkerson · Post by **scottwilkerson** » Fri Oct 24, 2014 8:03 am

For clarity, the filter listed above isn't JSON. I know it looks like JSON, but it is actually a fragment of logstash configuration syntax.

In Nagios Log Server we give the ability to bust up logstash inputs, filters and outputs from normal logstash configurations into fragments or config blocks. These blocks can be rearranged by dragging and dropping them to reorder.

This can be useful because the order that the filter fragments run can be important, you could be adding tags in early filters to specific messages, and then using later filter to process the message in a different manner based on the tags you set.

Post by **eloyd** » Fri Oct 24, 2014 12:59 pm

I'm looking forward to the definitive guide to NLS for those that don't know ELK, but in the meantime, I've managed to do some pretty cool reporting things with our VoIP platform. I may even submit one of the dashboards to the contest...

tmcdonald · Post by **tmcdonald** » Fri Oct 24, 2014 2:10 pm

Gonna close this one up for the sake of organization, but we love seeing stuff like this in use! Keep in touch with any other cool things you're doing, especially the VoIP stuff.

Nagios Support Forum

Better Apache Dashboard - no GeoIP info

Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info

Re: Better Apache Dashboard - no GeoIP info