I have enabled the geoip plugin of Logstash, but I cannot manually insert the database I want into the config file, and it keeps giving the following error.
I didn't understand this exactly; the geoip function just needs to be activated in Logstash. Do I have a mistake in the pipeline config file? What is the difference between the dat and mmdb extensions in MaxMind databases?
pipeline:
filter {
  # Parse the access-log line into named fields, including clientip
  grok {
    match => { "message" => "%{IP:clientip} - %{DATA:user_name} \[%{HTTPDATE:access_time}\] \"%{WORD:http_method} %{DATA:url} HTTP/%{NUMBER:http_version}\" %{NUMBER:response_code} %{NUMBER:body_sent_bytes} \"%{DATA:referrer}\" \"%{GREEDYDATA:agent}" }
  }
  # Look up clientip in the manually specified database file
  geoip {
    source => "[clientip]"
    ecs_compatibility => disabled
    target => "geoip"
    database => "/usr/share/logstash/database/GeoIPCity.dat"
  }
}
error log: image attached