Geoip pipeline creation issue

derekmizak · February 28, 2019, 12:58pm

I have created ingest pipeline as follow:

PUT _ingest/pipeline/geoip
{
  "description": "Add geoip info",
  "processors": [
    {
      
      "geoip": {
        "field": "dest.ip",
        "ignore_failure": true
      }
    }
  ]
}

Next I have indexed a single document:

POST packetbeat-dm-6.6.1-2019.02/doc/?pipeline=geoip
{
  "dest.ip":"80.34.121.50"
}

However, when I have requested this document,

GET packetbeat-dm-6.6.1-2019.02/_search
{
  "query": {
    "match": {
      "dest.ip":"80.34.121.50"
    }
  }
}

I couldnt see any of the processing done. What am I doing wrong here?

"hits" : [
      {
        "_index" : "packetbeat-dm-6.6.1-2019.02",
        "_type" : "doc",
        "_id" : "HgQnNGkB6DzpB6JS5TVw",
        "_score" : 8.552432,
        "_source" : {
          "dest.ip" : "80.34.121.50"
        }
      }
    ]

dadoonet · February 28, 2019, 2:03pm

I'm not able to reproduce the problem with:

POST _ingest/pipeline/_simulate
{
  "pipeline" :{
  "description": "date pipeline ",
  "processors": [
    {
      
      "geoip": {
        "field": "dest.ip",
        "ignore_failure": true
      }
    }
  ]},
  "docs": [
    {
      "_index": "index",
      "_type": "_doc",
      "_id": "id",
       "_source": {
          "dest": {
            "ip": "80.34.121.50"
          }
       }
    }
  ]
}

It gives:

{
  "docs" : [
    {
      "doc" : {
        "_index" : "index",
        "_type" : "_doc",
        "_id" : "id",
        "_source" : {
          "geoip" : {
            "continent_name" : "Europe",
            "region_iso_code" : "ES-M",
            "city_name" : "Pozuelo de Alarcón",
            "region_name" : "Madrid",
            "location" : {
              "lon" : -3.8134,
              "lat" : 40.4329
            },
            "country_iso_code" : "ES"
          },
          "dest" : {
            "ip" : "80.34.121.50"
          }
        },
        "_ingest" : {
          "timestamp" : "2019-02-28T14:02:29.878046Z"
        }
      }
    }
  ]
}

derekmizak · February 28, 2019, 2:12pm

Hi, on _simulate API it works for me as well - no issue. However not when I follow the steps in my post. Any idea what I should be looking at. What I have put in the post is almost 1:1 copy from the documentation. I would appreciate any suggestion

dadoonet · February 28, 2019, 2:16pm

That's because your document is:

{
  "dest.ip":"80.34.121.50"
}

Where mine is:

{
  "dest": {
    "ip":"80.34.121.50" 
  }
}

Not sure why this is not working though and if it is supposed to work with the dot notation.

derekmizak · February 28, 2019, 2:19pm

Hey - bingo - dot notation is not working - once changed it is ok - thank you

dadoonet · February 28, 2019, 2:22pm

When you remove the "ignore_failure": true, then you are getting a proper message:

{
  "docs" : [
    {
      "error" : {
        "root_cause" : [
          {
            "type" : "exception",
            "reason" : "java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: field [dest] not present as part of path [dest.ip]",
            "header" : {
              "processor_type" : "geoip"
            }
          }
        ],
        "type" : "exception",
        "reason" : "java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: field [dest] not present as part of path [dest.ip]",
        "caused_by" : {
          "type" : "illegal_argument_exception",
          "reason" : "java.lang.IllegalArgumentException: field [dest] not present as part of path [dest.ip]",
          "caused_by" : {
            "type" : "illegal_argument_exception",
            "reason" : "field [dest] not present as part of path [dest.ip]"
          }
        },
        "header" : {
          "processor_type" : "geoip"
        }
      }
    }
  ]
}

system · March 28, 2019, 2:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.