Geoip Ingest with Elastic Cloud

hilt86 · January 24, 2019, 2:46am

According to https://www.elastic.co/guide/en/beats/packetbeat/master/packetbeat-geoip.html

It is trivial to configure the Geo-IP ingestion for an Elasticsearch output, however from the document it is not clear how this would be configured when using Elastic Cloud?

Hilton

webmat · January 24, 2019, 3:22am

Hi @hilt86,

The GeoIP enrichment happens inside Elasticsearch, not in Beats per se.

The first step will be to create an Ingest Node pipeline, which is documented here

Once that's done, then you can configure your Beats instances to output to "elasticsearch" output, via that Ingest Node pipeline:

output.elasticsearch:
  hosts: ["localhost:9200"]
  pipeline: geoip-info

warkolm · January 24, 2019, 3:46am

You can enable the geoip plugin via the Cloud Console. Just edit your cluster and then under Elasticsearch settings you will see;

hilt86 · January 24, 2019, 4:17am

Yes I enabled the ingest-geoip on the cloud console...I also added the

pipeline: geoip-info

to my packetbeat config on my sensor but I still don't see the client_geoip.location field in Discover. Would the mapping template already have this mapping or will packetbeat update it accordingly?

system · February 21, 2019, 4:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GeoIP - Elasticsearch Elasticsearch	10	63	July 12, 2024
GeoIP enrichment not working Beats packetbeat	31	2290	July 6, 2021
Plotting geoIP Data in Kibana Maps via Beats Output to Logstash Logstash maps	4	557	February 11, 2020
Forgot how to get geoip enrichment to work for packetbeat Beats packetbeat , ingest-pipeline	2	398	January 11, 2023
Geoip-info fail on auditbeat, filebeat and packetbeack Beats filebeat , packetbeat , auditbeat	3	405	August 20, 2021

Geoip Ingest with Elastic Cloud

Related topics