Geo IP
Fluentd GeoIP filter
Overview
Fluentd Filter plugin to add information about geographical location of IP addresses with Maxmind GeoIP databases. More information at https://github.com/y-ken/fluent-plugin-geoip
Configuration
GeoIP
geoip_lookup_keys (string, optional)
Specify one or more geoip lookup field which has ip address
Default: host
geoip_database (string, optional)
Specify optional geoip database (using bundled GeoLiteCity databse by default)
Default: -
geoip2_database (string, optional)
Specify optional geoip2 database (using bundled GeoLite2-City.mmdb by default)
Default: -
backend_library (string, optional)
Specify backend library (geoip2_c, geoip, geoip2_compat)
Default: -
skip_adding_null_record (*bool, optional)
To avoid get stacktrace error with [null, null]
array for elasticsearch.
Default: true
records ([]Record, optional)
Records are represented as maps: key: value
Default: -
Example GeoIP
filter configurations
apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
metadata:
name: demo-flow
spec:
filters:
- geoip:
geoip_lookup_keys: remote_addr
records:
- city: ${city.names.en["remote_addr"]}
location_array: '''[${location.longitude["remote"]},${location.latitude["remote"]}]'''
country: ${country.iso_code["remote_addr"]}
country_name: ${country.names.en["remote_addr"]}
postal_code: ${postal.code["remote_addr"]}
selectors: {}
localOutputRefs:
- demo-output
Fluentd Config Result
<filter **>
@type geoip
@id test_geoip
geoip_lookup_keys remote_addr
skip_adding_null_record true
<record>
city ${city.names.en["remote_addr"]}
country ${country.iso_code["remote_addr"]}
country_name ${country.names.en["remote_addr"]}
location_array '[${location.longitude["remote"]},${location.latitude["remote"]}]'
postal_code ${postal.code["remote_addr"]}
</record>
</filter>
Last modified July 24, 2023: Merge pull request #167 from kube-logging/link-fixes-230714 (1dda279)