IP2Location filter plugin for Logstash enables Logstash's users to add geolocation information such as country, state, city, latitude, longitude, ZIP code, time zone, ISP, domain name, connection speed, IDD code, area code, weather station code, weather station name, MNC, MCC, mobile brand, elevation and usage type by IP address.
This is IP2Location filter plugin for Logstash that enables Logstash’s users to add geolocation information such as country, region, district, city, latitude, longitude, ZIP code, time zone, Internet Service Provider (ISP), domain name, connection speed, IDD code, area code, weather station code, weather station name, mobile country code (MCC), mobile network code (MNC), mobile brand, elevation, usage type, address type, IAB category and ASN by IP address. The library reads the geo location information from IP2Location BIN data file.
Supported IPv4 and IPv6 address.
For the methods to use IP2Location filter plugin with Elastic Stack (Elasticsearch, Filebeat, Logstash, and Kibana), please take a look on this tutorial.
Note: This plugin works in Logstash 7 and Logstash 8.
This plugin requires IP2Location BIN data file to function. You may download the BIN data file at
Install this plugin by the following code:
bin/logstash-plugin install logstash-filter-ip2location
input {
beats {
port => "5043"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
ip2location {
source => "[source][address]"
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}
input {
beats {
port => "5043"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
ip2location {
source => "[source][address]"
# Set path to the database located
database => "IP2LOCATION_BIN_DATABASE_FILESYSTEM_PATH"
# Enable memory mapped to be used
use_memory_mapped => true
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}
| Setting | Input type | Required |
|---|---|---|
| source | string | Yes |
| database | a valid filesystem path | No |
| use_memory_mapped | boolean | No |
| use_cache | boolean | No |
| hide_unsupported_fields | boolean | No |
| Field | Description |
|---|---|
| ip2location.address_type | the IP address type (A-Anycast, B-Broadcast, M-Multicast & U-Unicast) of IP address or domain name |
| ip2location.area_code | the varying length number assigned to geographic areas for call between cities |
| ip2location.as | Autonomous system (AS) name |
| ip2location.asn | the Autonomous system number (ASN) |
| ip2location.category | the IAB content taxonomy category of IP address or domain name |
| ip2location.city | the city name |
| ip2location.country_long | the country name based on ISO 3166 |
| ip2location.country_short | the two-character country code based on ISO 3166 |
| ip2location.district | the district or county name |
| ip2location.domain | the Internet domain name associated to IP address range |
| ip2location.elevation | the elevation |
| ip2location.idd_code | the IDD prefix to call the city from another country |
| ip2location.ip_address | the IP address |
| ip2location.isp | the Internet Service Provider (ISP) name |
| ip2location.latitude | the city latitude |
| ip2location.location | the city location |
| ip2location.longitude | the city longitude |
| ip2location.mcc | the mobile country code |
| ip2location.mnc | mobile network code |
| ip2location.mobile_brand | the mobile brand |
| ip2location.net_speed | the Internet Connection Speed (DIAL) DIAL-UP,(DSL) DSL/CABLE or(COMP) COMPANY |
| ip2location.region | the region or state name |
| ip2location.time_zone | the Time zone in UTC (Coordinated Universal Time) |
| ip2location.usage_type | the usage type |
| ip2location.weather_station_code | the special code to identify the nearest weather observation station |
| ip2location.weather_station_name | the name of the nearest weather observation station |
| ip2location.zip_code | the ZIP code |
Email: [email protected]
URL: https://www.ip2location.com