jippi · June 19, 2013 20:03
diff --git a/conf b/conf
 input {
  file {
    path => "/var/log/apache2/access.log.json"
    format => json_event
    type => apache
  }
 }

 filter {
  geoip {
    source => "client"
    add_tag => [ "geo" ]
 #    add_field => [ "geo_json", "%{@soure.longitude}", "geo_json", "%{@source.latitude}" ]
  }

  mutate {
    merge => ["@fields.geo_json", "geoip.longitude"]
    tags => [ "geo" ]
  }

  mutate {
    merge => ["@fields.geo_json", "geoip.latitude"]
    tags => [ "geo" ]
  }

 }

 output {
  stdout { debug => true }

 #  elasticsearch_http {
 #    host => "es01.bownty.net"
 #  }
 }

diff --git a/out.json b/out.json
 {
         "@source" => "file://ip-10-33-129-37//var/log/apache2/access.log.json",
           "@tags" => [
        [0] "geo"
    ],
         "@fields" => {
                 "client" => "77.213.176.86",
          "duration_usec" => 4081,
                 "status" => 200,
                "request" => "/js/bownty.v3.js?v=1370008443",
                "urlpath" => "/js/bownty.v3.js",
               "urlquery" => "?v=1370008443",
                  "bytes" => 6783,
                  "vhost" => "da.bownty.com",
                 "method" => "GET",
               "referrer" => "http://da.bownty.com/?gclid=CPDc15zy8LcCFYF6cAodSwcA_g",
                  "geoip" => {
                        "ip" => "77.213.176.86",
             "country_code2" => "DK",
             "country_code3" => "DNK",
              "country_name" => "Denmark",
            "continent_code" => "EU",
               "region_name" => "",
                 "city_name" => "",
               "postal_code" => "",
                  "latitude" => 56.0,
                 "longitude" => 10.0,
                  "dma_code" => nil,
                 "area_code" => nil,
                  "timezone" => "Europe/Copenhagen"
        },
               "geo_json" => [
            [0] nil
        ],
        "geoip.longitude" => [
            [0] 10.0
        ],
         "geoip.latitude" => [
            [0] 56.0
        ]
    },
      "@timestamp" => "2013-06-19T21:50:18+0200",
    "@source_host" => "ip-10-33-129-37",
    "@source_path" => "//var/log/apache2/access.log.json",
           "@type" => "apache"
 }
	input {
	file {
	path => "/var/log/apache2/access.log.json"
	format => json_event
	type => apache
	}
	}

	filter {
	geoip {
	source => "client"
	add_tag => [ "geo" ]
	# add_field => [ "geo_json", "%{@soure.longitude}", "geo_json", "%{@source.latitude}" ]
	}

	mutate {
	merge => ["@fields.geo_json", "geoip.longitude"]
	tags => [ "geo" ]
	}

	mutate {
	merge => ["@fields.geo_json", "geoip.latitude"]
	tags => [ "geo" ]
	}

	}

	output {
	stdout { debug => true }

	# elasticsearch_http {
	# host => "es01.bownty.net"
	# }
	}
	{
	"@source" => "file://ip-10-33-129-37//var/log/apache2/access.log.json",
	"@tags" => [
	[0] "geo"
	],
	"@fields" => {
	"client" => "77.213.176.86",
	"duration_usec" => 4081,
	"status" => 200,
	"request" => "/js/bownty.v3.js?v=1370008443",
	"urlpath" => "/js/bownty.v3.js",
	"urlquery" => "?v=1370008443",
	"bytes" => 6783,
	"vhost" => "da.bownty.com",
	"method" => "GET",
	"referrer" => "http://da.bownty.com/?gclid=CPDc15zy8LcCFYF6cAodSwcA_g",
	"geoip" => {
	"ip" => "77.213.176.86",
	"country_code2" => "DK",
	"country_code3" => "DNK",
	"country_name" => "Denmark",
	"continent_code" => "EU",
	"region_name" => "",
	"city_name" => "",
	"postal_code" => "",
	"latitude" => 56.0,
	"longitude" => 10.0,
	"dma_code" => nil,
	"area_code" => nil,
	"timezone" => "Europe/Copenhagen"
	},
	"geo_json" => [
	[0] nil
	],
	"geoip.longitude" => [
	[0] 10.0
	],
	"geoip.latitude" => [
	[0] 56.0
	]
	},
	"@timestamp" => "2013-06-19T21:50:18+0200",
	"@source_host" => "ip-10-33-129-37",
	"@source_path" => "//var/log/apache2/access.log.json",
	"@type" => "apache"
	}