Elasticsearch Ingest Support For GeoIP2 ISP

Evesy · January 10, 2019, 5:55pm

Hi,

Does the Elasticsearch ingest plugin support the MaxMind GeoIP2 ISP database? I saw that is was added to Logstash a while back (https://github.com/logstash-plugins/logstash-filter-geoip/pull/111) however when trying to specify it in an ingest pipeline:

        "field": "nginx.access.remote_ip",
        "database_file": "GeoIP2-ISP.mmdb",
        "target_field": "geoip",
        "ignore_missing": true

I receive the below:

Failed to connect: Connection marked as failed because the onConnect callback failed: Error loading pipeline for fileset ingress-nginx/access: couldn't load pipeline: couldn't load json. Error: 400 Bad Request: {"error":{"root_cause":[{"type":"parse_exception","reason":"[database_file] Unsupported database type [GeoIP2-ISP]","header":{"processor_type":"geoip","property_name":"database_file"}}],"type":"parse_exception","reason":"[database_file] Unsupported database type [GeoIP2-ISP]","header":{"processor_type":"geoip","property_name":"database_file"}},"status":400}. Response body: {"error":{"root_cause":[{"type":"parse_exception","reason":"[database_file] Unsupported database type [GeoIP2-ISP]","header":{"processor_type":"geoip","property_name":"database_file"}}],"type":"parse_exception","reason":"[database_file] Unsupported database type [GeoIP2-ISP]","header":{"processor_type":"geoip","property_name":"database_file"}},"status":400}

Thanks,
Mike

toppyc · January 11, 2019, 2:08am

It looks like it does not support the GeoIP2-ISP.mmdb. Did you try to open the ASN file GeoIP2-ASN.mmdb instead?

We are currently using geolocation database from other service provider IP2Location Logstash with ISP information ready.

system · February 8, 2019, 2:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.