Closed jgm95 closed 4 years ago
I solved this by creating a lookup table on Graylog with the list of countries and country codes (CSV). I then used a Graylog extractor which translated the countries, e.g. Belgium to BE. I then used the default Country location data instead of the JSON endpoint.
I am trying to plot points on the world map, though I'm having issues as no points are being plotted.
My set up is as follows:
Firewall -> Graylog
A firewall I have is forwarding syslog data of firewall hits to Graylog as per below:
logver=XXX timestamp=XXX tz="XXX" devname="XXX" devid="XXX" vd="XXX" date=XXX time=XXX logid="XXX" type="XXX" subtype="XXX" level="XXX" eventtime=XXX srcip=X.X.X.X srcport=XXX srcintf="XXX" srcintfrole="XXX" dstip=X.X.X.X dstport=XXX dstintf="XXX" dstintfrole="XXX" dstcountry="Italy" srccountry="Belgium" trandisp="XXX" tranip=X.X.X.X tranport=XXX
Graylog is then using the extractor feature to extract the srccountry to a separate field called "country". So in the example above, Graylog is extracting "Belgium" and storing it in the field "country".
Grafana -> ElasticSearch
I am then using an ElasticSearch Datasource to gather data from Grafana as per below config.
Grafana
I have imported the WorldMap Panel and have done the config as per below
-Metrics
As a json endpoint, I am using the countries.json file provided here https://github.com/grafana/worldmap-panel/blob/master/src/data/countries.json which is being accessed using an nginx webserver. I have confirmed that this is accessed via the web browser as shown below.
As a test I have set up a table to confirm that I am getting data from Elastic which I am.
I am not sure why the data is not being plotted on the map. I have also changed the key value of the countries.json from ex. BE to Belgium so that there might be a match. I am not sure how this is supposed to match, as the metric should match the key which in my case is metric(Count) to key(country).
I would appreciate any help.
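The name-to-code translation described in the resolution can be checked offline before the lookup table is loaded into Graylog. The following is an added example, not the poster's configuration or Graylog's own code: the CSV column names, the sample log lines and the three-row table are constructed, and the functions are hypothetical helpers. It parses the key=value firewall format, maps `srccountry` to a two-letter code, and reports names the table does not cover, which are the entries that would still fail to plot.

```python
import csv
import io
import re
from collections import Counter

# Constructed lookup table (country name -> two-letter code); column names are assumed.
# Only a few rows are shown; a real table needs every name the firewall can emit.
LOOKUP_CSV = '''"country","code"
"Belgium","BE"
"Italy","IT"
"United States","US"
'''

# Constructed sample lines modelled on the key=value format in the post.
SAMPLE_LINES = [
    'type="traffic" srcip=192.0.2.10 srcport=51514 dstcountry="Italy" srccountry="Belgium"',
    'type="traffic" srcip=192.0.2.11 srcport=51515 dstcountry="Italy" srccountry="United States"',
    'type="traffic" srcip=10.0.0.5 srcport=51516 dstcountry="Italy" srccountry="Reserved"',
]

# A value is either double-quoted (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    """Return the fields of one log line as a dict."""
    return {k: (q if bare == "" else bare) for k, q, bare in KV_RE.findall(line)}

def load_lookup(csv_text):
    """Build a case-insensitive name -> code map from the CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {r["country"].strip().lower(): r["code"].strip().upper() for r in reader}

def country_code(line, lookup, field="srccountry"):
    """Translate the named field to a two-letter code, or None when there is no match."""
    name = parse_kv(line).get(field, "")
    return lookup.get(name.strip().lower())

def summarize(lines, lookup):
    """Count hits per code and collect the names the table does not cover."""
    counts, unmapped = Counter(), set()
    for line in lines:
        code = country_code(line, lookup)
        if code:
            counts[code] += 1
        else:
            unmapped.add(parse_kv(line).get("srccountry", ""))
    return dict(counts), sorted(unmapped)

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES, load_lookup(LOOKUP_CSV)))
```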