In order for Heka to include the GeoIpDecoder code into it's build, you
will need to compile heka yourself on a system that has MaxMind's
geoip-api-c libraries installed:
https://github.com/maxmind/geoip-api-c/releases/
What I have in production is slightly different so I haven't tested this
but here is an example of using the decoder with Apache access logs.
[input_apache]
type = "LogstreamerInput"
log_directory = "/var/log/httpd"
file_match = 'access\.?(?P<Host>\w*)\.?(?P<Seq>\d*)\.log'
oldest_duration = "5m"
decoder = "multidecoder_apache"
priority = ["Seq"]
[multidecoder_apache]
type = "MultiDecoder"
subs = ["decoder_apache", "geoip_apache"]
cascade_strategy = "all"
[decoder_apache.config]
type = "apache"
log_format =
'\"%v\"|\"%h\"|\"%I\"|\"%O\"|\"%B\"|\"%X\"|\"%>s\"|\"%D\"|\"%r\"|\"%f\"|\"%{Referer}i\"|\"%{User-Agent}i\"|\"%{Accept}i\"|\"%{Accept-Encoding}i\"|\"%{Accept-Language}i\"|\"%{Cache-Control}i\"|\"%{Connection}i\"|\"%{Keep-Alive}o\"|\"%{Content-Type}o\"|\"%{Content-Length}o\"|\"%{Content-Encoding}o\"|\"%{UNIQUE_ID}e\"'
[geoip_apache]
type = "GeoIpDecoder"
db_file="/etc/geoip/GeoLiteCity.dat"
source_ip_field="remote_addr"
target_field="geoip"
On Thu, Mar 5, 2015 at 10:09 AM, Madhukar Thota <[email protected]>
wrote:
> Hi there
>
> is there an working example on how to use GeoIPdecoder with nginx or
> apache access logs?
>
>
>
>
> _______________________________________________
> Heka mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/heka
>
>
_______________________________________________
Heka mailing list
[email protected]
https://mail.mozilla.org/listinfo/heka
