start on elk6.x

2025-07-02 01:27:27 -04:00 · 2018-04-18 15:21:32 +00:00
parent 06c7454da6
commit 6e072980a0
10 changed files with 655 additions and 12 deletions
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -382,12 +382,12 @@ if "_grokparsefailure" in [tags] { drop {} }
    geoip {
      cache_size => 10000
      source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-4.3.1-java/vendor/GeoLite2-City.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-filter-geoip-5.0.3-java/vendor/GeoLite2-City.mmdb"
    } 
    geoip {
      cache_size => 10000
      source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-4.3.1-java/vendor/GeoLite2-ASN.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-filter-geoip-5.0.3-java/vendor/GeoLite2-ASN.mmdb"
    } 
    translate {
      refresh_interval => 86400
@ -426,6 +426,7 @@ if "_grokparsefailure" in [tags] { drop {} }
 output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
+    document_type => "doc"
  }

  if [type] == "Suricata" {