
GeoIP

Posted: Tue Jul 02, 2019 4:46 am
by billy_strath
Can we use the geoIP command that is in Elasticsearch to give the country location? https://www.elastic.co/blog/geoip-in-the-elastic-stack. If so, is it already packaged or do we need to install it somehow? Thanks

Re: GeoIP

Posted: Tue Jul 02, 2019 9:42 am
by cdienger
All you need to do to enable it is create a filter using geoip. See https://www.youtube.com/watch?v=xj4GnpMyjc0.

Re: GeoIP

Posted: Wed Jul 17, 2019 3:41 am
by billy_strath
thanks - done that and it's awesome!

Just one thing though - when I go to export to a CSV the field "geoip.country_name" is blank, although it has data when viewed in the web GUI. We are running version 2.0.7.

Any thoughts?

Thanks

Re: GeoIP

Posted: Wed Jul 17, 2019 12:19 pm
by ssax
Please send us what you have set for your filter; I'm going to lab this up and see if I'm able to replicate it.

Re: GeoIP

Posted: Wed Jul 17, 2019 5:02 pm
by ssax
This is a bug: the CSV export functionality doesn't support subarrays. The developers will need to fix this; I've created a bug report here:

Code:

NEW TASK ID 14353 created - Nagios Log Server Bug Report: LS - Add subarray CSV output support, currently subarray values show as blank
You can edit this file:

Code:

/var/www/html/nagioslogserver/application/controllers/Dashboard.php
And at the bottom, change this:

Code:

        // Output CSV format
        print implode(',', $fields) . "\n";
        foreach ($data['hits']['hits'] as $hit) {
            $tmp = array();
            foreach ($fields as $i) {
                // Only a top-level key is looked up, so a dotted name such as
                // "geoip.country_name" never matches and the cell stays empty.
                $field = "";
                if (@isset($hit['_source'][$i])) {
                    $field = $hit['_source'][$i];
                } else {
                    $field = $hit[$i];
                }

                $tmp[] = '"'.trim(str_replace(array("\r", "\n", "&apos;"), array(" ", " ", "'"), html_entity_decode($field))).'"';
            }
            print implode(',', $tmp) . "\n";
        }

To this:

Code:

        // Output CSV format
        print implode(',', $fields) . "\n";
        foreach ($data['hits']['hits'] as $hit) {
            $tmp = array();
            foreach ($fields as $i) {
                $field = "";
                if (!strpos($i, '.')) {
                    // If strpos is zero, we really don't know how to handle that, fall through to this anyways.
                    if (@isset($hit['_source'][$i])) {
                        $field = $hit['_source'][$i];
                    } else {
                        $field = $hit[$i];
                    }
                } else {
                    // Dotted field name: walk down the nested _source array one key at a time.
                    $keys = explode('.', $i);
                    $field = $hit['_source'];
                    for ($j = 0; $j < count($keys); $j++) {
                        if (@isset($field[$keys[$j]])) {
                            $field = $field[$keys[$j]];
                        }
                    }
                }

                $tmp[] = '"'.trim(str_replace(array("\r", "\n", "&apos;"), array(" ", " ", "'"), html_entity_decode($field))).'"';
            }
            print implode(',', $tmp) . "\n";
        }
Now it should work.
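The dotted-key lookup from the patch above, written out as an added example (not Nagios Log Server's code) that goes a little further than the patch: a missing key yields an empty cell instead of the parent array, array leaves such as geoip.location are serialised, embedded double quotes are doubled, and a cell that begins with a formula character is neutralised before it reaches a spreadsheet. The function names and the sample hit are constructed; it assumes PHP 7 or later.

```php
<?php
// Added example, not Nagios Log Server code: resolve dotted field names such as
// "geoip.country_name" against an Elasticsearch hit and emit a correctly quoted
// CSV row. Function names and the sample hit are constructed; assumes PHP 7+.

// Walk a nested array along a dotted path. Returns $default when any segment is
// missing (the patch above leaves $field as the parent array, which prints as
// "Array"); a leaf that is itself an array is serialised as JSON.
function resolve_dotted_field(array $node, $path, $default = '')
{
    foreach (explode('.', $path) as $key) {
        if (!is_array($node) || !array_key_exists($key, $node)) {
            return $default;
        }
        $node = $node[$key];
    }
    return is_array($node) ? json_encode($node) : (string) $node;
}

// Build one CSV line: newlines are flattened, embedded double quotes are doubled
// (RFC 4180), and a cell starting with = + - @ is prefixed with a single quote
// so a spreadsheet does not evaluate an attacker-controlled log line as a formula.
function csv_row(array $values)
{
    $cells = array();
    foreach ($values as $v) {
        $v = trim(str_replace(array("\r", "\n"), ' ', html_entity_decode($v, ENT_QUOTES)));
        if ($v !== '' && strpos('=+-@', $v[0]) !== false) {
            $v = "'" . $v;
        }
        $cells[] = '"' . str_replace('"', '""', $v) . '"';
    }
    return implode(',', $cells) . "\n";
}

// Constructed sample hit in the shape Elasticsearch returns for an event enriched
// by the geoip filter; _id is merged in so every field goes through one lookup.
$hit = array(
    '_id' => 'example-doc-1',
    '_source' => array(
        'message' => '=1+1 is a "quoted" message',
        'geoip'   => array('country_name' => 'Netherlands', 'location' => array(4.9, 52.37)),
    ),
);
$fields = array('_id', 'message', 'geoip.country_name', 'geoip.city_name', 'geoip.location');
$lookup = $hit['_source'] + array('_id' => $hit['_id']);
$row = array_map(function ($f) use ($lookup) { return resolve_dotted_field($lookup, $f); }, $fields);
print implode(',', $fields) . "\n";
print csv_row($row);
```

The absent geoip.city_name comes out as an empty quoted cell rather than a blank-looking copy of the geoip array, which is the symptom reported earlier in the thread.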

Re: GeoIP

Posted: Fri Jul 19, 2019 7:02 am
by billy_strath
cheers - will just wait for a fix :-)

Re: GeoIP

Posted: Fri Jul 19, 2019 1:59 pm
by scottwilkerson
billy_strath wrote: cheers - will just wait for a fix :-)
Great!

Locking