input {
       file {
              path => ["/home/michel/src/kippo-git/log/kippo.json", "/home/kippo/kippo-git/log/kippo.json"]
#              path => ["/home/michel/src/kippo-git/log/kippo.json"]
              codec => json
              type => "kippo"
       }
}

filter {
    if [type] == "kippo" {

        date {
            match => [ "timestamp", "ISO8601" ]
            locale => "en"
        }


        if [src_ip]  {

            dns {
                reverse => [ "src_host", "src_ip" ]
                action => "append"
            }

            geoip {
                source => "src_ip"
                target => "geoip"
                database => "/opt/logstash/vendor/geoip/GeoLiteCity.dat"
                add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
                add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
            }

            geoip {
                source => "src_ip"
                database => "/opt/logstash/vendor/geoip/GeoIPASNum.dat"
            }

            mutate {
                convert => [ "[geoip][coordinates]", "float" ]
            }
        }
    }
}

output {
    if [type] == "kippo" {
        elasticsearch { host => helium }
        file {
            path => "/tmp/kippo-logstash.log"
            codec => json
        }
        stdout {
            codec => rubydebug
        }
    }
}