Heka Message Extensions with GeoIP2 Information

This module is intended to be used with another IO module such as a decoder to extend the message with GeoIP2 information prior to injection.

1. Functions

1.1. add_geoip

Given a Heka message, adds the GeoIP entries based on the specified field name. The requested GeoIP entries are specified in the databases configuration table, which has the form <db_filename> = <lookup table>. Each lookup table has the form <suffix> = <path array> (an empty suffix will overwrite the original value). The path specification is specific to the database being queried.

Arguments

  • msg (table) - original message
  • field_name (string) - field name in the message to lookup

Return

  • none - the message is modified in place or an error is thrown

1.2. add_geoip_xff

Given a Heka message, adds the GeoIP entries based on the specified field name, where that field contains an x_forwarded_for string. Use the xff configuration option to control which address is selected.

Arguments

  • msg (table) - original message
  • field_name (string) - field name in the message to lookup

Return

  • none - the message is modified in place or an error is thrown

2. Configuration examples

maxminddb_heka = {
    databases = {
        ["GeoIP2-City-Test.mmdb"] = {
            _city = {"city", "names", "en"},
            _country = {"country", "iso_code"}
        },
        ["GeoIP2-ISP-Test.mmdb"] = {
            _isp = {"isp"}
        },
    },
    remove_original_field = false, -- remove the original field after a successful lookup
    -- xff = "last|first|all", -- default last
}
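
To make the <suffix> = <path array> mapping and the xff selection concrete, here is an added sketch that is not the module's own code and does not load the module or a database. The names `walk`, `select_xff`, `add_geoip_xff_sketch`, the field name `remote` and the sample record are assumptions, as is writing each result to the field name plus suffix (inferred from the note that an empty suffix overwrites the original value).

```lua
-- Added illustration, not the module's code: a stub table stands in for the .mmdb lookup.
local cfg = {
    databases = {
        ["GeoIP2-City-Test.mmdb"] = {
            _city = {"city", "names", "en"},
            _country = {"country", "iso_code"},
        },
    },
    xff = "last", -- "first" is also handled below; "all" is not sketched
}
-- Constructed sample record, keyed by database file name and address.
local sample_db = {
    ["GeoIP2-City-Test.mmdb"] = {
        ["192.0.2.10"] = {city = {names = {en = "Exampleville"}}, country = {iso_code = "XX"}},
    },
}
-- Follow a path array through a nested record; nil if any step is missing.
local function walk(record, path)
    local v = record
    for _, key in ipairs(path) do
        if type(v) ~= "table" then return nil end
        v = v[key]
    end
    return v
end
-- Select one address from a comma separated X-Forwarded-For string. The last
-- entry is appended by the nearest proxy; earlier ones may be client supplied.
local function select_xff(value, mode)
    local addrs = {}
    for a in value:gmatch("[^,%s]+") do addrs[#addrs + 1] = a end
    if mode == "first" then return addrs[1] end
    return addrs[#addrs]
end
-- Hypothetical stand-in for add_geoip_xff: writes Fields[field_name .. suffix].
local function add_geoip_xff_sketch(msg, field_name)
    local value = msg.Fields[field_name]
    if type(value) ~= "string" then return end
    local addr = select_xff(value, cfg.xff)
    for db, lookups in pairs(cfg.databases) do
        local record = addr and sample_db[db][addr]
        for suffix, path in pairs(lookups) do
            local v = record and walk(record, path)
            if v ~= nil then msg.Fields[field_name .. suffix] = v end
        end
    end
end

local msg = {Fields = {remote = "203.0.113.7, 192.0.2.10"}}
add_geoip_xff_sketch(msg, "remote")
print(msg.Fields.remote_city, msg.Fields.remote_country)
```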

source code: heka.lua
