I'm looking to enrich netflow data with Logstash, and I have two MaxMind GeoIP databases - one with public IP address ranges and another with the private address ranges that we use in our Enterprise. What is the best practice to handle this?
Can you do conditional lookups in Logstash (look for private IP lat/long, else look for public IP lat/long) or is it better to merge the MaxMind databases into one?
Thank you for any tips.