Geoip log file

AndyB · August 29, 2023, 3:14pm

I would like to see if the geoip database is being downloaded. Getting information from Bard, it tells me that I need to create a file on my server here:

/var/log/geoip/geoip.log

I have done this but the geoip.log file is empty. First question, is this correct? Second question how can I trigger Elasticsearch to download the geoip database so that I can see if the log file gets updated.

leandrojmp · August 29, 2023, 5:22pm

Hello, can you provide a little more context of you want to do?

Not sure what this mean, but this seems to be completely made up by the A.I. tool.

You could check Elasticsearch logs or use the _ingest API as explained in the documentation.

Running the following request in Dev Tools may help.

GET _ingest/geoip/stats

AndyB · August 30, 2023, 5:07am

Thank you for the information, leandrojmp. I ran the following command in SSH and it looks like there have been 0 downloads.

I'm running Elasticsearch 8.8.2. Is it normal that the geoip is being downloaded as default?

AndyB · August 31, 2023, 12:56am

I wonder if the reason I'm not seeing any successful downloads is due to me not allowing outside access to post 9200. Are the geoip database updates done through post 9200?

leandrojmp · August 31, 2023, 1:21am

No, the geoip databases are downloaded from geoip.elastic.co using port 443.

Do you have any ingest pipeline using the geoip processor? It will only download the database if you have at least one ingest pipeline using the geoip processor.

The documentation has more information on what will be downloaded and from where.

stephenb · August 31, 2023, 2:06am

Also starting lately the geo DBs are "lazy Loaded"

Blockquote

So you need to actually run the geoip processor once to trigger the download/ install...

That is a new "Feature" that kept me up late one night!

AndyB · August 31, 2023, 2:08am

I do not. So that explains why I'm not seeing any successful downloads of the geoip database.

Thank you.

AndyB · August 31, 2023, 2:09am

Thank you, stephanb, that is also very useful information.

stephenb · August 31, 2023, 2:10am

Just run the sample

PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip"
      }
    }
  ]
}
PUT my-index-000001/_doc/my_id?pipeline=geoip
{
  "ip": "89.160.20.128"
}
GET my-index-000001/_doc/my_id

The check the stats again

system · September 28, 2023, 2:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GeoIP - Elasticsearch Elasticsearch	10	63	July 12, 2024
GeoIP processor / setup? Kibana ingest-pipeline	9	3465	March 25, 2022
How to update the GeoIP Databases for Elastic Ingest Pipelines Elasticsearch ingest-pipeline	5	3405	June 29, 2021
How does the new (7.14+) GeoIP Processor Work? Elasticsearch ingest-pipeline	5	435	December 21, 2021
GEOIP Database Update Issue: Documentation Followed, Databases Not Updating on Ingest Nodes Elasticsearch ingest-pipeline	19	605	February 27, 2024

Geoip log file

Related topics