ELk之使用kibana展示访问IP地图

  参考文档:http://blog.51cto.com/ls40905250/1915280

       https://blog.csdn.net/zsjwish/article/details/79792212

       https://blog.csdn.net/yanggd1987/article/details/50469113

  安装logstash的geoip插件,使logstash可以获取到国家及城市信息

?
1
yum install GeoIP-data -y

  修改原logstash配置文件

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
input{
    redis {
            host => "192.168.56.11"
            port => "6379"
            password => "123456"
            db => "3"
            data_type => "list"
            key => "system-log-5611"
        }
    redis {
            host => "192.168.56.11"
            port => "6379"
            password => "123456"
            db => "4"
            data_type => "list"
            key => "nginx-log"
        }
}
 
filter{
    if "nginx-log" in [tags] {
        json{
        source => "message"
    }
        if [user_ua] != "-" {
        useragent {
         target => "agent"   #agent将过来出的user agent的信息配置到了单独的字段中
         source => "user_ua"   #这个表示对message里面的哪个字段进行分析
       }
      }
       if [user_ip] != "-" {
      geoip {
                        source => "user_ip"
                        target => "geoip"
                       # database => "/usr/share/GeoIP/GeoIPCity.dat"
                        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
                        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
                }
                   mutate {
                        convert => [ "[geoip][coordinates]", "float"]
                }
     }
    }
}
 
output{
    if "nginx-log" in [tags]{
        elasticsearch{
        hosts => ["192.168.56.11:9200"]
        index => "logstash-nginx-log-%{+YYYY.MM}"
        }
        stdout{
            codec => rubydebug 
        }
    }
    if "system-log-5611" in [tags]{
        elasticsearch{
        hosts => ["192.168.56.11:9200"]
        index => "system-log-5611-%{+YYYY.MM}"
        }
    }
}

  PS:filter检测过滤如果是nginx日志并且user_ip不为空则调用geoip插件

     nginx的index设置需要在前面加logstash否则在kibana里面不识别

  通过ip获取到的信息如下

  系统自带的地图为英文地图,设置成中文地图,修改配置文件/etc/kibana/kibana.yml在尾部添加以下配置

?
1
2
3
tilemap.url: 'http://webrd02.is.autonavi.com/appmaptile?lang=zh_cn&size=1&scale=1&style=7&x={x}&y={y}&z={z}'
tilemap.options.minZoom: "1"
tilemap.options.maxZoom: "10"

  重启kibana然后进web界面进行设置

  最终效果图

 

posted @   minseo  阅读(11869)  评论(0编辑  收藏  举报
编辑推荐:
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
阅读排行:
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
点击右上角即可分享
微信分享提示
AI IDE Trae