Open acchen97 opened 7 years ago
something like this for the LS config, filter section?
# Add more geolocation data / ASN info
if [SOURCE] {
geoip {
source => "SOURCE"
database => "/etc/logstash/GeoLite2-City.mmdb"
add_tag => [ "GeoIP" ]
}
geoip {
source => "SOURCE"
database => "/etc/logstash/GeoLite2-ASN.mmdb"
}
}
With the recent addition of GeoIP2 ISP and ASN lookup support, we should include documentation on how to enable it esp since its been a hot request. We don't bundle these datasets OOTB, so they'll need to download/license and include it when running Logstash.
/cc @dedemorton @suyograo