Different locations for one IP address 89.248.171.144

Dear All,

My environment: ELK 6.6.1.
There I run two different applications on the same ELK stack. These are ElastiFlow 3.4.1, which receives the flows from a Cisco border gw router, and a Filebeat, which receives data from a bind9 query log. In both I have the possibility to visualize the geolocation. For one and the same IP, 89.248.171.144, I get two different locations: ElastiFlow shows it in the Netherlands, Filebeat in Seychelles. Different sources on the Internet are also showing different results. Obviously I have two different geo-DBs in my ELK stack. Is there a way to synchronize them or to update to the latest version?
Side note: I did some traceroutes via RIPE NCC Atlas probes, and it seems that the last hop went to AS202425, which was allocated to Seychelles in 2018.

Kind regards
Hans
