The scenario is enhancing my Metricbeat data to help track a dozen laptops. I thought adding geo data to their low-frequency uptime response would be a cheap way to do this. A custom pipeline that all Metricbeat data goes through and then branches off if ctx.metricset.name=='uptime' was how I'd keep the lookups to a minimum.
Hit a couple snags though...
The add_host_metadata processor with netinfo.enabled: true will add a machine's local IP information.
- host.ip is an array of all the v4 and v6 addresses a machine reports. The geoip processor can't work on an array of course.
- host.ip doesn't contain a public IP for machines behind firewalls/balancers/etc anyway.
So my question is mainly:
- How do I easily add a public IP field that I can use to geolocate devices?