GeoIP Procesor

Priyanka_chauhan · May 28, 2025, 4:59am

Hi All,
I dont have direct internet on my elk cluster , But I want to use geoip processor through ingest pipeline using elastic agent . But in logs it is showing there is no database available. I have downloaded the maxmind database and transfer in data ingest node of cluster in path :/usr/share/elasticsearch/ingest-geoip/
. How can I resolve it either using proxy or offline ?

Tortoise · May 28, 2025, 8:55am

Hello @Priyanka_chauhan

I believe to use offline DB

PUT /_cluster/settings
{
  "persistent": {
    "ingest.geoip.downloader.enabled": false
  }
}

I see your .mmdb file is already in the correct location

PUT _ingest/pipeline/geoip-info
{
  "description": "Add geoip info",
  "processors": [
    {
      "geoip": {
        "field": "client.ip",
        "target_field": "client.geo",
        "database_file": "GeoLite2-City.mmdb",
        "ignore_missing": true
      }
    }
  ]
}

Thanks!!

RainTown · May 28, 2025, 11:58am

@Priyanka_chauhan be reminded that the maxmind databases are dynamic, you likely want to refresh them according to your chosen schedule appropriate for your use case.

@Tortoise or others maybe know if you need do anything each time a database_file change (due to external factor) happens, or if elasticsearch will just notice automatically.

Topic		Replies	Views
Geoip error (expected database) Elasticsearch	1	600	December 13, 2019
How to use custom GeoIP2 database in elasticsearch? Elasticsearch	4	2025	September 25, 2019
GeoIP processor / setup? Kibana ingest-pipeline	9	3815	March 25, 2022
Problems using ingest-geoip in elasticsearch Elasticsearch	1	638	September 9, 2020
How to update the GeoIP Databases for Elastic Ingest Pipelines Elasticsearch ingest-pipeline	5	3781	June 29, 2021

GeoIP Procesor

Related topics