stecino wrote: Yes, I tried to add a US map, as our data centers are in the US. What would be the field name in logstash that defines a data center? I guess, how can I add all these hosts (IPs) that translate to a single state code?
You may need to define a global filter that takes the input and extracts the IP of the location of the equipment and assigns it to the geoip source. Something like this:
This takes all incoming logs from the syslog source and populates the geoip information with the host IP of the generating machine. Your mileage may vary on this, but that's the basic idea.
Thanks for the info. So I created a global filter, and applied global config changes to the cluster. So in the all events panel, when selecting geoip or geoip.location fields I am still not seeing anything. Do I need to do anything else?
If you start with the "Nagios Log Server Search" dashboard, and select a record from the text at the bottom (single click the "message" line, for instance), what shows up in the "host" line?
I'm just going to emulate lmiltchev, "Thanks eloyd!" Good work!
eloyd wrote: If you start with the "Nagios Log Server Search" dashboard, and select a record from the text at the bottom (single click the "message" line, for instance), what shows up in the "host" line?
Host has the value of the IP of the host that the message record belongs to, but it doesn't have any geoIP. It only shows info based on my mappings. So for geoIP to be populated, do I need to update my mappings?
I can make it show the geoIP column if I select all, but then it is still not showing the geoip after I activated the global filter.
To be clear, are your "host" IP addresses "real" IPs or private IPs?
The geoip filter will only work with non-private IPs.
If they are real IPs, do you see the geoip fields in the table view of the events? If so, on the Bettermap settings, set the "Coordinate Field" to geoip.location and Tooltip Field to geoip.city_name
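A quick way to check the point above before touching dashboards, as an added example that is not part of the original thread: this Python sketch classifies the values found in an event's "host" field and reports which ones a GeoIP lookup could resolve. The sample events and function names are constructed for illustration, and it assumes only globally routable addresses are eligible for a lookup.

```python
import ipaddress

# Constructed sample events; only the "host" field matters here.
SAMPLE_EVENTS = [
    {"host": "10.20.1.15", "message": "sshd: session opened"},
    {"host": "192.168.4.7", "message": "cron: job started"},
    {"host": "100.64.3.9", "message": "kernel: link up"},
    {"host": "8.8.8.8", "message": "named: query"},
    {"host": "web01.example.internal", "message": "nginx: reload"},
]

def geoip_eligibility(host):
    """Return (eligible, reason) for a value taken from an event's host field."""
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError:
        # Hostnames or malformed values cannot be used as a geoip source.
        return False, "not an IP address"
    # Loopback and link-local are checked first because Python also
    # reports them as private.
    if addr.is_loopback:
        return False, "loopback"
    if addr.is_link_local:
        return False, "link-local"
    if addr.is_private:
        return False, "private"
    if not addr.is_global:
        # For example 100.64.0.0/10, the carrier-grade NAT shared range.
        return False, "reserved or shared address space"
    return True, "public"

def summarize(events):
    """Count events per eligibility reason."""
    counts = {}
    for event in events:
        _, reason = geoip_eligibility(event.get("host", ""))
        counts[reason] = counts.get(reason, 0) + 1
    return counts

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        ok, reason = geoip_eligibility(event["host"])
        print(f"{event['host']:<24} {'geoip ok' if ok else 'no geoip'} ({reason})")
    print(summarize(SAMPLE_EVENTS))
```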
scottwilkerson wrote: To be clear, are your "host" IP addresses "real" IPs or private IPs?
The geoip filter will only work with non-private IPs.
If they are real IPs, do you see the geoip fields in the table view of the events? If so, on the Bettermap settings, set the "Coordinate Field" to geoip.location and Tooltip Field to geoip.city_name
My IPs are private IPs. So I guess that answers the question. Is there a way for me to add NATed IPs that are public facing to this?