updates nginx pipeline w/ less geoip fields

roles/elasticsearch/templates/logstash-conf.d/nginx_pipeline.conf.j2

@@ -5,26 +5,33 @@ input {
 }
 
 filter {
- grok {
+  grok {
-   match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
+    match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
-   overwrite => [ "message" ]
+    overwrite => [ "message" ]
- }
+  }
- mutate {
+
-   convert => ["response", "integer"]
+  mutate {
-   convert => ["bytes", "integer"]
+    rename => { "extra_fields" => "real_ip" }
-   convert => ["responsetime", "float"]
+    gsub => [ "real_ip", "\"", "" ] # remove qoutes
- }
+    gsub => [ "real_ip", " ", "" ]  # remove whitespace
- # geoip {
+
- #   source => "clientip"
+    # fix
- #   add_tag => [ "nginx-geoip" ]
+    convert => ["http.response.status_code", "integer"]
- # }
+    convert => ["http.response.body.bytes", "integer"]
- date {
+    convert => ["responsetime", "float"]
-   match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
+    remove_field => ["host.containerized"]
-   remove_field => [ "timestamp" ]
+  }
- }
+
- # useragent {
+  geoip {
- #   source => "agent"
+    source => "real_ip"
- # }
+    target => "geoip"
+    fields => ["city_name", "region_name", "country_name", "region_iso_code", "country_code2", "location"]
+  }
+
+  date {
+    match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
+    remove_field => [ "timestamp" ]
+  }
 }
 
 output {
@@ -36,4 +43,3 @@ output {
     document_type => "nginx_logs"
   }
 }
-