Beats Netflow

Hi all,

I've added the Fleet Keycloak integration and deployed the policy to some Keycloak servers. I can see the logs in discovery, but the Keycloak integration doesn't include the GeoIP processor, so the reported source.ip field can't be processed during ingestion.

Is there a way to add GeoIP data through index management? Maybe by adding a mapping somewhere, but this is where I'm stuck. I've not found any instructions for managing template mappings in recent Elastic versions. Most GeoIP documentation details ingestion pipelines, but if a Fleet integration doesn't support it, then it'll need to be done later.

Thanks,

Turns out GeoIP is supported for the Keycloak integration but I was testing with private IP addresses...

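An added example, not part of the original posts: a quick triage of events that arrived without GeoIP enrichment, grouping them by whether the source address could have an entry in a GeoIP database at all. The ECS-style `source.ip` / `source.geo` event shape, the function names and the sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

def classify_ip(value):
    """Label an address by whether a GeoIP database could hold an entry for it."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "invalid"
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "non-global"  # e.g. shared address space 100.64.0.0/10
    return "public"

def missing_geo_report(events):
    """Count events lacking source.geo, grouped by the class of source.ip."""
    counts = Counter()
    for event in events:
        source = event.get("source", {})
        if "geo" not in source:
            counts[classify_ip(source.get("ip", ""))] += 1
    return dict(counts)

# Constructed sample events (not real Keycloak logs).
SAMPLE_EVENTS = [
    {"source": {"ip": "10.20.30.40"}},
    {"source": {"ip": "192.168.1.15"}},
    {"source": {"ip": "8.8.8.8", "geo": {"country_iso_code": "US"}}},
    {"source": {"ip": "1.1.1.1"}},
    {"source": {"ip": "::ffff:10.0.0.1"}},
    {"source": {"ip": "100.64.0.7"}},
    {"source": {"ip": "127.0.0.1"}},
]

if __name__ == "__main__":
    for label, count in sorted(missing_geo_report(SAMPLE_EVENTS).items()):
        print(f"{label:12} {count}")
```

Only the `public` bucket points at a pipeline problem; the other classes have no GeoIP entry to look up, so missing geo fields are expected for them.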