ELK实现使用地图显示用户所在城市

1.#下载地图库,先用邮箱注册账户才能下载
https://www.maxmind.com/en/geolite2/signup?lang=en  #注册地址
https://dev.maxmind.com/geoip/geolite2-free-geolocation-data #下载地址
https://www.maxmind.com/en/accounts/765626/geoip/downloads #登录后的账户下载页(URL中的账户编号因账户而异),找到GeoLite2 City,Download GZIP

2.#将下载的GeoLite2-City_20220913.tar.gz放到/etc/logstash/下并解压(解压前可用下载页提供的SHA256校验值核对压缩包)
[root@host1 ~]#cd /etc/logstash/
[root@host1 ~]#tar xf GeoLite2-City_20220913.tar.gz
[root@host1 logstash]#ls
conf.d                         jvm.options           logstash.yml
GeoLite2-City_20220913         log4j2.properties     pipelines.yml
GeoLite2-City_20220913.tar.gz  logstash-sample.conf  startup.options

3.#配置logstash使用地址库,加入filter语句块(下面只节选了配置文件的一部分;示例中的redis和MySQL密码是明文弱口令,实际环境应改用Logstash keystore或环境变量的${变量名}引用,并限制配置文件的读取权限)
[root@host1 logstash]#vim /etc/logstash/conf.d/redis-to-elasticsearsh.conf
    host => "10.0.0.160"
    port => "6379"
    db => "3"
    password => "123456"
  }

}

# Enrich nginx access-log events with GeoIP data so Kibana can plot them on a map.
filter {
  # Only events tagged by the shipper as this nginx log type are processed here.
  if [fields][type] == "nginx-log-10.0.0.180"  {
     # Parse the JSON text held in the "message" field.
     # A line that is not valid JSON is tagged _jsonparsefailure by the plugin default.
     json {
                source => "message"
        }
     # Look up the address in "clientip" and store the result under [geoip].
     # NOTE(review): clientip is whatever the nginx log format recorded; if it is
     # derived from a forwarded header it is client-supplied — confirm before
     # relying on the location for anything beyond display.
     geoip {
                source => "clientip"
                target => "geoip"
                # Dated directory name: a refreshed GeoLite2 download lands in a new
                # directory, so this path has to be updated along with the database.
                database  =>  "/etc/logstash/GeoLite2-City_20220913/GeoLite2-City.mmdb"
                # The same key is given twice so both values end up under
                # [geoip][coordinates], longitude first and latitude second.
                # Private addresses such as 10.0.0.1 have no database entry; the
                # lookup then fails (default tag _geoip_lookup_failure).
                add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
                add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
        }
    # The %{...} references above produce strings; convert them to floats.
    mutate {
      convert => [ "[geoip][coordinates]", "float"]
   }
 }
}

output {
  # nginx events are written to both Elasticsearch and MySQL.
  if [fields][type] == "nginx-log-10.0.0.180" {
    # Daily index. No scheme, user/password or TLS settings appear in this block.
    # NOTE(review): confirm the cluster is not reachable unauthenticated from
    # outside this network.
    elasticsearch {
      hosts => ["10.0.0.150:9200"]
      index => "logstash-nginx-log-%{+YYYY.MM.dd}"
    }
  # The connection string carries the database user and password in clear text,
  # readable by anyone who can read this file. Logstash resolves ${NAME}
  # references from its keystore or the environment, which keeps the secret out
  # of the config file.
  # The INSERT uses ? placeholders with the event fields listed after it, so
  # log-derived values (url is client-controlled) are passed as parameters rather
  # than spliced into the SQL text.
  jdbc {
    connection_string => "jdbc:mysql://10.0.0.200/elk?user=elk&password=123456&useUnicode=true&characterEncoding=UTF8&autoReconnect=true&failOverReadOnly=false"
    statement => ["INSERT INTO elklog(clientip,size,url,status) VALUES(?,?,?,?)","clientip","size","url","status"]
  }
  }
  if [fields][type] == "tomcat-log-10.0.0.180" {
    elasticsearch {
      hosts => ["10.0.0.150:9200"]

4.#重启logstash服务并写入带公网ip的测试数据。
[root@host1 ~]#systemctl restart logstash
#在后端nginx服务器导入测试数据(以下命令会向正在使用的access.log追加改写过clientip的记录,这些伪造记录也会进入ES和MySQL,只适合在测试环境中操作)
[root@host4 ~]#tail -n 5 /var/log/nginx/access.log >/root/nginx_access.log
[root@host4 ~]#sed -i 's/"clientip":"10.0.0.1"/"clientip":"223.5.5.5"/' /root/nginx_access.log
[root@host4 ~]#cat /root/nginx_access.log >> /var/log/nginx/access.log

5.#在kibana验证查看数据。并在地图中查看用户公网ip所在城市情况
