Skip to content

Change GeoIP field name for dest_ip to not overlap with GeoIP for src_ip #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Enrico204 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Change GeoIP field name for dest_ip to not overlap with GeoIP for src_ip #184

Enrico204 wants to merge 1 commit into from

Conversation

@Enrico204
Copy link

@Enrico204 Enrico204 commented May 15, 2019

This commit renames the geoip field for dest_ip to geoip_dest in
logstash.conf and creates a new mapping in elasticsearch6-template.json.

In logstash configuration, GeoIP is used for both dest_ip and src_ip
if both are present. However, the target field have the same name
(geoip) for both, so in the end the dest_ip GeoIP will overwrite the
src_ip one.

Fixes #183

@Enrico204
Change GeoIP field name for dest_ip to not overlap with GeoIP for src_ip
1f507fd 
This commit renames the `geoip` field for `dest_ip` to `geoip_dest` in
`logstash.conf` and creates a new mapping in `elasticsearch6-template.json`.

In logstash configuration, GeoIP is used for both `dest_ip` and `src_ip`
if both are present. However, the `target` field have the same name
(`geoip`) for both, so in the end the `dest_ip` GeoIP will overwrite the
`src_ip` one.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

GeoIP informations mapped for wrong IP

1 participant

@Enrico204