1 Answer
As of now, Amazon Elasticsearch Service does not have the ingest-geoip module built in. So, there are 2 ways you can tackle this error:
1) Use Logstash: In this method, instead of sending data from Filebeat -> Elasticsearch, send it via Logstash. You can do something like Filebeat -> Logstash -> Elasticsearch.
In this case, add the geoip filter in Logstash and enrich the data for IP. A sample conf may look like:
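    input {
      # Receive events from Filebeat (the Logstash input plugin is named "beats")
      beats { .. }
    }
    filter {
      # Enrich the event with geo data for the IP address held in this field
      geoip {
        source => "ip_field_name"
      }
    }
    output {
      elasticsearch { .. }
    }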
2) Skip the geoip parsing and just send the data to Elasticsearch. You won't get the geo details extracted, but you can still send the rest of the data to Elasticsearch.
For this, go to your Filebeat installation path, for example: filebeat-7.10.0-darwin-x86_64/module/nginx/access/ingest/pipeline.yml, and comment out or remove the section related to geoip.
    - geoip:
        field: source.ip
        target_field: source.geo
        ignore_missing: true
    - geoip:
        database_file: GeoLite2-ASN.mmdb
        field: source.ip
        target_field: source.as
        properties:
        - asn
        - organization_name
        ignore_missing: true
Answered 4 years ago
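Option 2 above, as an added example that is not part of the original answer or of Filebeat: a small Python helper that drops every `- geoip:` processor from an ingest pipeline file by tracking indentation. The function name `strip_geoip` and the sample pipeline are constructed for illustration; the grok and remove entries are placeholders, not the real nginx module pipeline.

```python
import re

# Constructed sample modelled on the processor list quoted in the answer;
# the grok/remove entries are placeholders, not the real nginx pipeline.
SAMPLE_PIPELINE = """\
description: Constructed sample pipeline
processors:
- grok:
    field: message
    patterns:
    - '%{IPORHOST:source.ip} %{GREEDYDATA:rest}'
- geoip:
    field: source.ip
    target_field: source.geo
    ignore_missing: true
- geoip:
    database_file: GeoLite2-ASN.mmdb
    field: source.ip
    target_field: source.as
    properties:
    - asn
    - organization_name
    ignore_missing: true
- remove:
    field: rest
"""

# A processor list item whose only key is geoip, at any indentation.
GEOIP_ITEM = re.compile(r"^(\s*)- geoip:\s*$")

def strip_geoip(pipeline_text):
    """Return (new_text, removed_count) with every `- geoip:` processor dropped."""
    kept, removed, skip_indent = [], 0, None
    for line in pipeline_text.splitlines():
        indent = len(line) - len(line.lstrip())
        if skip_indent is not None:
            # Inside a geoip block: its body is blank or indented deeper than its dash.
            if not line.strip() or indent > skip_indent:
                continue
            skip_indent = None  # first line at or left of the dash ends the block
        match = GEOIP_ITEM.match(line)
        if match:
            skip_indent, removed = len(match.group(1)), removed + 1
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed
```

Run it against a copy of pipeline.yml and diff the result before replacing the file, so the processors before and after the geoip entries can be checked for being untouched.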