Re: [graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-09-01 Thread Jason Haar
On Thu, Sep 1, 2016 at 2:12 AM, Jan wrote: > Found the error. In my original pipeline-rule I used the "to_ip" function > to convert the pattern match to an IP. With this setting resolving the IP > to a geo location fails. > I changed the rule now to convert the pattern

[graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-09-01 Thread Jochen Schalanda 
Thanks for the feedback!

On Wednesday, 31 August 2016 16:12:11 UTC+2, Jan wrote:
>
> Found the error. In my original pipeline-rule I used the "to_ip" function 
> to convert the pattern match to an IP. With this setting resolving the IP 
> to a geo location fails.
> I changed the rule now to

[graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-08-31 Thread Jan 
Found the error. In my original pipeline-rule I used the "to_ip" function 
to convert the pattern match to an IP. With this setting resolving the IP 
to a geo location fails.
I changed the rule now to convert the pattern match to a string by using 
the "to_string" function. Voila... geo

[graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-08-31 Thread Jan
I checked the message processing setting thru the API-Browser to make sure all Graylog nodes have the correct settings. They all report back { "processor_order": [ "org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter",

[graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-08-30 Thread Jochen Schalanda
Hi Jan, from your description and the order of message processors you've described (please check again according to http://docs.graylog.org/en/2.0/pages/geolocation.html#configure-the-message-processor) it should work. You can set the logger org.graylog.plugins.map.geoip to DEBUG for more

[graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-08-30 Thread Jan
Not sure... I thought I posted some examples. So here is a screenshot: Am Dienstag, 30. August 2016 10:16:01 UTC+2 schrieb Jochen Schalanda: > > Hi Jan, > >

[graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-08-30 Thread Jochen Schalanda
Hi Jan, On Tuesday, 30 August 2016 10:03:24 UTC+2, Jan wrote: > > An Example message can look like this […] > Okay, and how does it look like after you've extracted those IP addresses? Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog

[graylog2] Re: Geo-Location Processor doesn't create _geolocation fields for custom fields created by pipeline rules

2016-08-30 Thread Jan 
Hi Jochen,

An Example message can look like this

<189>date=2016-08-30 time=08:34:23 devname=fw-cluster1 
devid=FGT3HD4895600243 logid=000114 type=traffic subtype=local 
level=notice vd=mgmt-domain srcip=80.0.0.1 srcport=12345 srcintf="agg1.208" 
dstip=80.0.0.2 dstport=162