Is there any advantage to configuring geoip file with GeoLite Dat File or just using geoip?
I haven't seen any write-ups on the use case for when to use GeoLite Dat File, nor anything in the geoip documentation.
I've successfully implemented it both ways, but I'm more curious.
Here are my configs:
GeoIP Filter
filter {
  if [path] =~ "access.log" {
    if [user_agent] != "ELB-HealthChecker/1.0" {
      geoip {
        source => "remote_addr"
        target => "geoip"
      }
      useragent {
        source => "user_agent"
      }
    }
  }
}
GeoIP Filter with GeoLite Dat File
filter {
  if [path] =~ "access.log" {
    if [user_agent] != "ELB-HealthChecker/1.0" {
      geoip {
        source => "remote_addr"
        target => "geoip"
        database => "/etc/logstash/GeoLite2-City.dat"
        # Adding the same field twice builds an array: [longitude, latitude]
        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
        add_tag => ["geo"]
      }
      useragent {
        source => "user_agent"
      }
    }
  }
}
Thanks,
Rich