geoip

[elk@Vsftp logstash]$ cat t1.conf 
# Test pipeline: each line typed on stdin becomes one event.
input {
  stdin { }
}

filter {
  # Look up the address found in "message"; the result is stored under [geoip].
  # "message" is the whole input line, and the filter expects the source field
  # to hold just the address, so with real logs point source at a parsed
  # address field instead.
  geoip {
    source => "message"
    # add_field is applied only when the filter succeeds. Referencing the whole
    # [geoip][location] array renders it as one comma-joined string,
    # longitude first, then latitude.
    add_field => { "[geoip][aa]" => "%{[geoip][location]}" }
  }
}

output {
  # Print every event in rubydebug form for inspection.
  stdout {
    codec => rubydebug
  }
}


[elk@Vsftp logstash]$ logstash -f t1.conf 
Settings: Default pipeline workers: 4
Pipeline main started
202.101.172.35
{
       "message" => "202.101.172.35",
      "@version" => "1",
    "@timestamp" => "2017-01-11T01:42:59.457Z",
          "host" => "Vsftp",
         "geoip" => {
                    "ip" => "202.101.172.35",
         "country_code2" => "CN",
         "country_code3" => "CHN",
          "country_name" => "China",
        "continent_code" => "AS",
              "latitude" => 35.0,
             "longitude" => 105.0,
              "location" => [
            [0] 105.0,
            [1] 35.0
        ],
                    "aa" => "105.0,35.0"
    }
}



[elk@Vsftp logstash]$ cat t1.conf 
# Test pipeline: each line typed on stdin becomes one event.
input {
  stdin { }
}

filter {
  # Look up the address found in "message"; the result is stored under [geoip].
  geoip {
    source => "message"
    # The target of add_field does not have to live under [geoip]: naming
    # [scan][aa] creates a separate top-level "scan" object on the event.
    # The value is still the whole location array rendered as a
    # comma-joined string. Applied only when the lookup succeeds.
    add_field => { "[scan][aa]" => "%{[geoip][location]}" }
  }
}

output {
  # Print every event in rubydebug form for inspection.
  stdout {
    codec => rubydebug
  }
}

[elk@Vsftp logstash]$ 
[elk@Vsftp logstash]$ logstash -f t1.conf 
Settings: Default pipeline workers: 4
Pipeline main started
202.101.172.35
{
       "message" => "202.101.172.35",
      "@version" => "1",
    "@timestamp" => "2017-01-11T01:45:14.001Z",
          "host" => "Vsftp",
         "geoip" => {
                    "ip" => "202.101.172.35",
         "country_code2" => "CN",
         "country_code3" => "CHN",
          "country_name" => "China",
        "continent_code" => "AS",
              "latitude" => 35.0,
             "longitude" => 105.0,
              "location" => [
            [0] 105.0,
            [1] 35.0
        ]
    },
          "scan" => {
        "aa" => "105.0,35.0"
    }
}



[elk@Vsftp logstash]$ cat t1.conf 
# Same file as before the edit: stdin in, geoip lookup, rubydebug out.
input {
  stdin { }
}

filter {
  # Look up the address found in "message"; the result is stored under [geoip].
  geoip {
    source => "message"
    # Copies the whole [geoip][location] array, rendered as a comma-joined
    # string, into a separate top-level "scan" object.
    # Applied only when the lookup succeeds.
    add_field => { "[scan][aa]" => "%{[geoip][location]}" }
  }
}

output {
  # Print every event in rubydebug form for inspection.
  stdout {
    codec => rubydebug
  }
}
[elk@Vsftp logstash]$ cat t1.conf ^C
[elk@Vsftp logstash]$ vim t1.conf 
[elk@Vsftp logstash]$ cat t1.conf 
# Test pipeline: each line typed on stdin becomes one event.
input {
  stdin { }
}

filter {
  # Look up the address found in "message"; the result is stored under [geoip].
  geoip {
    source => "message"
    # A trailing [0] selects a single element of the location array.
    # Element 0 is the longitude and element 1 the latitude, so [scan][aa]
    # receives only the longitude here. Applied only when the lookup succeeds.
    add_field => { "[scan][aa]" => "%{[geoip][location][0]}" }
  }
}

output {
  # Print every event in rubydebug form for inspection.
  stdout {
    codec => rubydebug
  }
}

[elk@Vsftp logstash]$ logstash -f t1.conf 
Settings: Default pipeline workers: 4
Pipeline main started
202.101.172.35
{
       "message" => "202.101.172.35",
      "@version" => "1",
    "@timestamp" => "2017-01-11T01:48:40.316Z",
          "host" => "Vsftp",
         "geoip" => {
                    "ip" => "202.101.172.35",
         "country_code2" => "CN",
         "country_code3" => "CHN",
          "country_name" => "China",
        "continent_code" => "AS",
              "latitude" => 35.0,
             "longitude" => 105.0,
              "location" => [
            [0] 105.0,
            [1] 35.0
        ]
    },
          "scan" => {
        "aa" => 105.0
    }
}

原文地址:https://www.cnblogs.com/hzcya1995/p/13349932.html