Hello everyone o/
I followed this tutorial and after restarting the beats (it's the same steps for all beats) I can't receive any geoip-info fields.
Do I need more configs on .yml files?
Hi @b0r1s
Can you post your 1 of your config files? You will need to add that pipeline to the elasticsearch output. Also remember the geoip only works for public IPs.
output.elasticsearch:
hosts: ["localhost:9200"]
pipeline: geoip-info
Are you sending the data directly from the Beats to Elasticsearch... is there anything in between?
The sample geoip-info pipeline will only work on the fields specified, if you IPs are in different fields then they would need to be referenced.
Hi @stephenb o/
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["https://myelasticservers..."]
pipeline: geoip-info
# Protocol - either `http` (default) or `https`.
protocol: "https"
I'm sending data directly from Beats to Elasticsearch.
I just tested packetbeat on a Windows host where I accessed some external sites and geoip worked =]
I think that before it was just capturing internal traffic, that's why it didn't appear...
I apologize for my ignorance and thank you for your attention!
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.