Fluentd GeoIP filter 🔗︎

Overview 🔗︎

Fluentd Filter plugin to add information about geographical location of IP addresses with Maxmind GeoIP databases. More information at https://github.com/y-ken/fluent-plugin-geoip

Configuration 🔗︎

GeoIP 🔗︎

geoip_lookup_keys (string, optional) 🔗︎

Specify one or more geoip lookup field which has ip address

Default: host

geoip_database (string, optional) 🔗︎

Specify optional geoip database (using bundled GeoLiteCity databse by default)

Default: -

geoip_2_database (string, optional) 🔗︎

Specify optional geoip2 database (using bundled GeoLite2-City.mmdb by default)

Default: -

backend_library (string, optional) 🔗︎

Specify backend library (geoip2_c, geoip, geoip2_compat)

Default: -

skip_adding_null_record (bool, optional) 🔗︎

To avoid get stacktrace error with [null, null] array for elasticsearch.

Default: true

records ([]Record, optional) 🔗︎

Records are represented as maps: key: value

Default: -

Example GeoIP filter configurations 🔗︎

apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
 name: demo-flow
   - geoip:
       geoip_lookup_keys: remote_addr
         - city: ${city.names.en["remote_addr"]}
           location_array: '''[${location.longitude["remote"]},${location.latitude["remote"]}]'''
           country: ${country.iso_code["remote_addr"]}
           country_name: ${country.names.en["remote_addr"]}
           postal_code:  ${postal.code["remote_addr"]}
 selectors: {}
   - demo-output

Fluentd Config Result 🔗︎

<filter **>
 @type geoip
 @id test_geoip
 geoip_lookup_keys remote_addr
 skip_adding_null_record true
   city ${city.names.en["remote_addr"]}
   country ${country.iso_code["remote_addr"]}
   country_name ${country.names.en["remote_addr"]}
   location_array '[${location.longitude["remote"]},${location.latitude["remote"]}]'
   postal_code ${postal.code["remote_addr"]}