Hmmm, the geoip processing happens in an ingest pipeline on Elasticsearch, not on the agent host, so it should be independent of the agent host OS.
First, I would update the Network Capture Integration.
v1.1.0 is nearly 3 years old.
The latest Network Packet Capture version is 1.32.1.
Then, say that is a DNS flow: the geoip happens in the
logs-network_traffic.dns-1.32.1-geoip
ingest pipeline, which does not operate on the operating system (OS).
Perhaps upgrade and see if you get different results.