Коллеги, не могу найти чем заменить этот grok можно заменить?:
:reason=>«The setting `type` in plugin `grok` is obsolete and is no longer available. You can achieve this same behavior with the new conditionals, like: `if [type] == \„sometype\“ { grok { ... } }`.
Сам конфиг:
input {
file {
type => nginx_access
path => [ "/var/log/nginx/*.log" ]
start_position => "beginning"
}
}
filter {
mutate {
add_field => [ "hostip", "%{host}" ]
}
if [type] == "nginx_access" {
grok {
type => "nginx_access"
patterns_dir => "./patterns"
pattern => "%{NGINXACCESSLOG}"
}
geoip {
source => "remote_addr"
target => "geoip"
database =>"/usr/share/GeoIP/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float" ]
}
}
}
output {
elasticsearch {
host => localhost
}
}
Версия logstash - 2.4.0-1 .Конфиги пытаюсь как тут сделать https://www.ulyaoth.net/resources/tutorial-create-a-logstash-geoip-dashboard-...
