From 53ba93acd0266659acf23cdac3179fc35844963f Mon Sep 17 00:00:00 2001
From: Michel Oosterhof <michel@oosterhof.net>
Date: Tue, 18 Nov 2014 10:40:29 +0000
Subject: [PATCH] add ASN numbers to logstash output

---
 utils/logstash-kippo.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/utils/logstash-kippo.conf b/utils/logstash-kippo.conf
index b62629de..7b67adec 100644
--- a/utils/logstash-kippo.conf
+++ b/utils/logstash-kippo.conf
@@ -31,6 +31,12 @@ filter {
                 add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
                 add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
             }
+
+            geoip {
+                source => "src_ip"
+                database => "/opt/logstash/vendor/geoip/GeoIPASNum.dat"
+            }
+
             mutate {
                 convert => [ "[geoip][coordinates]", "float" ]
             }