Is there any way I can get client location without GeoIP ingest plugin?
I'm using the available modules for filebeat and metricbeat, and also about to include heartbeat and packetbeat.
You can use Logstash with the geoip filter.
Thanks for your response.
I'm trying to keep logstash out of the ecuation for now, so I'm trying to do it with Elasticsearch and Beat. I found JimCheetham post about generating a filter with mutate and geoip in logstash but if I can help it will be better.
Maybe the "hardcoded" localization can be added in a custom field to a Module over the Beat configuration.
Then Elasticsearch has https://www.elastic.co/guide/en/elasticsearch/plugins/current/ingest-geoip.html
Hi Warkolm,
I don't understand what you mean, I've already stated that it couldn't be done with GeoIP ingest plugin since it is a WAN.
So i'm trying to do it over the beat client or adjusting maxmind GeoIP database to include my private IP addresses. The foremost doesn't seem to support custom fields like that and I'm not sure how to generate a new maxmind db since they seem to be a propietary type binary (mmdb).
I will try this solution soon:
Don't you mean LAN then?
It is not a LAN. I should have done a better introduction perhaps.
In question:
1- I have private IP addresses that I need to monitor and present over a map.
2- I would like to extend Beat or Maxmind functionalities to include Geolocation with private IP but avoiding to install a logstash node to generate them thru filters.
Thanks, that does make things clearer.
In this case you will need Logstash to do this as it is not anything beats can, or likely will, do.
Thank you!
This topic was automatically closed after 21 days. New replies are no longer allowed.