Fluentd
Search…
1.0
geoip
The
filter_geoip Filter plugin adds geographic location information to logs using the Maxmind GeoIP databases.This document does not describe all the parameters. If you want to know full features, check the Further Reading section.
Prerequisites
Install GeoIP library:
1
# for RHEL/CentOS
2
$ sudo yum group install "Development Tools"
3
$ sudo yum install geoip-devel --enablerepo=epel
4
​
5
# for Ubuntu/Debian
6
$ sudo apt install build-essential
7
$ sudo apt install libgeoip-dev
8
​
9
# for macOS (brew)
10
$ brew install geoip
Copied!
libmaxminddb for GeoIP2 is bundled with geoip2_c.Install
filter_geoip is not included in td-agent. All users must install the fluent-plugin-geoip gem using the following command:1
$ fluent-gem install fluent-plugin-geoip
2
$ sudo /usr/sbin/td-agent-gem install fluent-plugin-geoip
Copied!
Example Configuration
This configuration adds the geolocation information to
apache.access:1
<filter access.apache>
2
@type geoip
3
​
4
# Specify one or more geoip lookup field which has ip address (default: host)
5
geoip_lookup_keys host
6
​
7
# Specify optional geoip database (using bundled GeoLiteCity databse by default)
8
# geoip_database "/path/to/your/GeoIPCity.dat"
9
# Specify optional geoip2 database (using bundled GeoLite2 database by default)
10
# geoip2_database "/path/to/your/GeoLite2-City.mmdb"
11
# Specify backend library (geoip2_c, geoip, geoip2_compat)
12
backend_library geoip2_c
13
​
14
# Set adding field with placeholder (more than one settings are required.)
15
<record>
16
city ${city.names.en["host"]}
17
latitude ${location.latitude["host"]}
18
longitude ${location.longitude["host"]}
19
country ${country.iso_code["host"]}
20
country_name ${country.names.en["host"]}
21
postal_code ${postal.code["host"]}
22
region_code ${subdivisions.0.iso_code["host"]}
23
region_name ${subdivisions.0.names.en["host"]}
24
</record>
25
​
26
# To avoid get stacktrace error with `[null, null]` array for elasticsearch.
27
skip_adding_null_record true
28
</filter>
Copied!
Plugin helpers
Parameters
geoip_database
geoip_databasetype
default
version
string
bundled
1.0.0
Path to GeoIP database file.
geoip2_database
geoip2_databasetype
default
version
string
bundled
1.0.0
Path to GeoIP2 database file.
geoip_lookup_keys
geoip_lookup_keystype
default
version
array
["host"]
1.2.0
Specifies one or more geoip lookup fields containing the IP address.
NOTE: Since v1.3.0 does not interpret
host.ip as a nested attribute.geoip_lookup_key
geoip_lookup_keytype
default
version
string
host
1.0.0
Specifies one or more geoip lookup fields containing the ip address.
This parameter has been deprecated since v1.2.0.
skip_adding_null_record
skip_adding_null_recordtype
default
version
bool
false
1.0.0
Set to
true to skip adding the field with [null, null] array.This is useful for Elasticsearch.
backend_library
backend_librarytype
default
available values
version
enum
geoip2_c
geoip, geoip2_compat, geoip2_c
1.0.0
Set backend library.
Use cases
Plot Realtime Access Statistics on a World Map using Elasticsearch and Kibana
Required plugins:
fluent-plugin-geoipfluent-plugin-elasticsearch
1
<filter apache.access>
2
@type geoip
3
backend_library geoip2_c
4
​
5
# Set key name for the client ip address values
6
geoip_lookup_keys host
7
​
8
# Specify key name for the country_code values
9
<record>
10
country_code ${country.iso_code["host"]}
11
country_name ${country.names.en["host"]}
12
</record>
13
</filter>
14
​
15
<match apache.access>
16
@type elasticsearch
17
host localhost
18
port 9200
19
type_name apache
20
logstash_format true
21
flush_interval 10s
22
</match>
Copied!
Further Reading
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Last modified 11mo ago