Geoip Ingest with Elastic Cloud

According to https://www.elastic.co/guide/en/beats/packetbeat/master/packetbeat-geoip.html

It is trivial to configure the Geo-IP ingestion for an Elasticsearch output; however, from the document it is not clear how this would be configured when using Elastic Cloud.

Hilton

Hi @hilt86,

The GeoIP enrichment happens inside Elasticsearch, not in Beats per se.

The first step will be to create an Ingest Node pipeline, which is documented here

Once that's done, then you can configure your Beats instances to output to "elasticsearch" output, via that Ingest Node pipeline:

output.elasticsearch:
  hosts: ["localhost:9200"]
  pipeline: geoip-info

You can enable the geoip plugin via the Cloud Console. Just edit your cluster and then under Elasticsearch settings you will see;

Yes, I enabled the ingest-geoip on the cloud console... I also added the

pipeline: geoip-info

to my packetbeat config on my sensor but I still don't see the client_geoip.location field in Discover. Would the mapping template already have this mapping or will packetbeat update it accordingly?
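Added example, not from any post in this thread: a curl script that creates the `geoip-info` pipeline on the cluster and runs the ingest simulate API on one constructed document, which shows whether `client_geoip.location` is produced before any Packetbeat data is involved. The endpoint, the credentials and the `client_ip` source field are assumptions; `geoip-info` and `client_geoip` come from the thread.

```bash
#!/usr/bin/env bash
# Added example. ES_URL and ES_AUTH are placeholders (assumptions), not values from the thread.
ES_URL="${ES_URL:-https://YOUR-CLUSTER-ENDPOINT:9243}"
ES_AUTH="${ES_AUTH:-elastic:CHANGEME}"
PIPELINE="geoip-info"   # pipeline name used in the thread

# Pipeline definition: look up client_ip (assumed source field) and store
# the result under client_geoip, so that client_geoip.location appears.
# ignore_failure lets events without client_ip be indexed unchanged.
pipeline_body() {
  cat <<'EOF'
{
  "description": "Add geoip info",
  "processors": [
    { "geoip": { "field": "client_ip",
                 "target_field": "client_geoip",
                 "properties": ["location"],
                 "ignore_failure": true } }
  ]
}
EOF
}

# Simulate request: one constructed document with a public client_ip.
simulate_body() {
  echo '{ "docs": [ { "_source": { "client_ip": "8.8.8.8" } } ] }'
}

# es METHOD PATH [JSON_BODY]: authenticated request to the cluster.
es() {
  if [ -n "${3:-}" ]; then
    curl -sS -u "$ES_AUTH" -H 'Content-Type: application/json' \
         -X "$1" "$ES_URL$2" -d "$3"
  else
    curl -sS -u "$ES_AUTH" -X "$1" "$ES_URL$2"
  fi
}

create_pipeline()   { es PUT  "/_ingest/pipeline/$PIPELINE" "$(pipeline_body)"; }
show_pipeline()     { es GET  "/_ingest/pipeline/$PIPELINE"; }
simulate_pipeline() { es POST "/_ingest/pipeline/$PIPELINE/_simulate" "$(simulate_body)"; }

# Network calls happen only when the script is invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then
  create_pipeline && show_pipeline && simulate_pipeline
fi
```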
