Nagios Support Forum

stecino wrote:Yes, I tried to add US map, as our data centers in US. What would be the field name in logstash that defines a data center? I guess how can add all these hosts (IPs) that translates to a single state code.

if [program] == 'syslog' {
    geoip {
        source => 'host'
    }
}

eloyd wrote:

stecino wrote:Yes, I tried to add US map, as our data centers in US. What would be the field name in logstash that defines a data center? I guess how can add all these hosts (IPs) that translates to a single state code.

You may need to define a global filter that takes the input and extracts the IP of the location of the equipment and assigns it to the geoip source. Something like this:

Code: Select all

if [program] == 'syslog' {
    geoip {
        source => 'host'
    }
}

This takes all incoming logs from the syslog source and populates the geoip information with the host IP of the generating machine. Your mileage may vary on this, but that's the basic idea.

eloyd wrote:If you start with the "Nagios Log Server Search" dashbaord, and select a record from the text at the bottom (single click the "message" line, for instance, what shows up in the "host" line?

eloyd wrote:Let me get back to you on this. I'll need to examine what we did on our server. I may have missed something.

scottwilkerson wrote:To be clear, are your "host" IP addresses "real" IP's or private IP's?

The geoip filter will only work with non-private IP's.

If they are real IP's, do you see the geoip fields in the table view of the events? If so, on the Bettermap settings, set the "Coordinate Field" to geoip.location and Tooltip Field to geoip.city_name