Elastic Observability Engineer Lab 5.4 - geoip database unavailable

AnitaL · September 26, 2022, 3:45pm

Hi,

When I use the GeoIP processor as per step 11 and test the pipeline as per step 12 I see the following instead of the new geoip fields - full test result at bottom of this post.

          "tags": [
            "_geoip_database_unavailable_GeoLite2-City.mmdb"
          ],

This endpoint returns the following, unsure what to do next?

GET _ingest/geoip/stats
{
  "stats" : {
    "successful_downloads" : 0,
    "failed_downloads" : 1,
    "total_download_time" : 0,
    "databases_count" : 0,
    "skipped_updates" : 0,
    "expired_databases" : 3
  },
  "nodes" : { }
}

Below is full response from the test.

{
  "docs": [
    {
      "doc": {
        "_index": ".ds-logs-nginx.access-default-2022.09.21-000001",
        "_id": "Ny3VeIMByZrZX3hvB6eu",
        "_source": {
          "request": "GET / HTTP/1.0",
          "referer": "-",
          "response_code": 302,
          "useragent": "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0",
          "ip_address": "178.128.152.119",
          "response_size": 154,
          "url": {
            "path": "/",
            "original": "/"
          },
          "tags": [
            "_geoip_database_unavailable_GeoLite2-City.mmdb"
          ],
          "@timestamp": "2022-09-26T08:06:02.000Z",
          "_tmp": {},
          "user": "-",
          "user_agent": {
            "name": "Firefox",
            "original": "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0",
            "os": {
              "name": "Linux"
            },
            "device": {
              "name": "Other"
            },
            "version": "98.0."
          }
        },
        "_ingest": {
          "timestamp": "2022-09-26T15:17:47.612105899Z"
        }
      }
    }
  ]
}

Andre_Murbach_Maidl · September 26, 2022, 3:51pm

Hi @AnitaL ,

it looks like your environment had an issue to download the GeoLite2-City.mmdb geo database. Please try running following command on Dev Tools to restart automatic database download.

PUT _cluster/settings
{ 
    "transient": {
        "ingest.geoip.downloader.enabled" : false
    }
}

PUT _cluster/settings
{
    "transient": {
        "ingest.geoip.downloader.enabled" : true
    }
}

This should fix the issue.

Best,
Andre

system · October 26, 2022, 3:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nginx-ingress-controller-access, _geoip_database_unavailable_GeoLite2-City.mmdb, _geoip_database_unavailable_GeoLite2-ASN.mmdb Elastic Agent integrations	31	473	April 15, 2024
SentinelOne integration GeoIP database error SIEM elastic-agent	3	479	June 10, 2023
Geoip2 ASN resolution in Ingest Pipeline Elasticsearch ingest-pipeline	6	154	April 22, 2024
GEOIP Database Update Issue: Documentation Followed, Databases Not Updating on Ingest Nodes Elasticsearch ingest-pipeline	19	595	February 27, 2024
New GeoIP ingest processor is missing databases, but existing GeoIP processors work fine Elasticsearch ingest-pipeline	15	1387	January 3, 2023

Elastic Observability Engineer Lab 5.4 - geoip database unavailable

Related Topics