Fluentd GeoIP filter 🔗︎
Overview 🔗︎
Fluentd Filter plugin to add information about geographical location of IP addresses with Maxmind GeoIP databases. More information at https://github.com/y-ken/fluent-plugin-geoip
Configuration 🔗︎
GeoIP 🔗︎
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
geoip_lookup_keys | string | No | host | Specify one or more geoip lookup field which has ip address |
geoip_database | string | No | - | Specify optional geoip database (using bundled GeoLiteCity databse by default) |
geoip_2_database | string | No | - | Specify optional geoip2 database (using bundled GeoLite2-City.mmdb by default) |
backend_library | string | No | - | Specify backend library (geoip2_c, geoip, geoip2_compat) |
skip_adding_null_record | bool | No | true | To avoid get stacktrace error with [null, null] array for elasticsearch. |
records | []Record | No | - | Records are represented as maps: key: value |
Example GeoIP
filter configurations 🔗︎
apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
metadata:
name: demo-flow
spec:
filters:
- geoip:
geoip_lookup_keys: remote_addr
records:
- city: ${city.names.en["remote_addr"]}
location_array: '''[${location.longitude["remote"]},${location.latitude["remote"]}]'''
country: ${country.iso_code["remote_addr"]}
country_name: ${country.names.en["remote_addr"]}
postal_code: ${postal.code["remote_addr"]}
selectors: {}
localOutputRefs:
- demo-output
Fluentd Config Result 🔗︎
<filter **>
@type geoip
@id test_geoip
geoip_lookup_keys remote_addr
skip_adding_null_record true
<record>
city ${city.names.en["remote_addr"]}
country ${country.iso_code["remote_addr"]}
country_name ${country.names.en["remote_addr"]}
location_array '[${location.longitude["remote"]},${location.latitude["remote"]}]'
postal_code ${postal.code["remote_addr"]}
</record>
</filter>