IP location, the process to extract geo-coordinates from IP address, so that the extracted details can be used in the future. Reports/Dashboards based on geo-location will be very useful because it will be easy to see where the traffic is coming from. In this post, you can see how to map ip address to geo location on real time data using ELK.

But why using ELK ?

Of course, in many places we need to map ip address to geo location, I tried with one today’s popular technology ELK.

ELK is widely used in organisations, for insights, dashboards, reports, metrics and it goes. Mostly, people who use ELK always try to get more insights from the available data. So including geo details will be helpful, like you can see from where more traffic is happening, which part of the world peoples are interested.

Now, lets see the example.

I have taken sample nginx data for testing and I have tested with below versions of ELK stack,

  • logstash-6.3.1
  • elasticsearch-6.3.1
  • kibana-6.3.1-linux-x86_64

Follow the below steps, to test geoip with ELK,

  • clone the project by, git clone https://github.com/mdrilwan/geoipWithELK.git
  • Before starting logstash, update the elasticsearch mappings to store coordinates as geo_point type, by following the below steps,
  • If you read from file, update the path of input file in logstash configuration file geoip.conf or else update input source so that you can read from where you want. And then start logstash
  • Once data is indexed in elasticsearch, you can try tilemap visualization in kibana like the below image

geoip_visualisation

  • You can see, in the above image, I have used Shaded Circle Markers instead of Scaled Circle Markers.

Below is a sample dashboard which maps ip address to geo location along with different visualisations,

geoip_dashboard


1 Comment

mongo263017564 · September 18, 2018 at 2:38 pm

Very nice rilwan 🙂

Leave a Reply

%d bloggers like this: