GeoIP processor / setup?

Balu · February 25, 2022, 3:30pm

I am confused myself

My concern is missing geoip data for example for the System integration SSH login attemps dashboard. Logs have an source.ip field, but the source.geo.country_iso_code is empty.

The documents also have tags _geoip_database_unavailable_GeoLite2-City.mmdb, _geoip_database_unavailable_GeoLite2-ASN.mmdb set.

curl -k -X GET "https://localhost:9200/_ingest/geoip/stats?pretty"
{
  "stats" : {
    "successful_downloads" : 0,
    "failed_downloads" : 0,
    "total_download_time" : 0,
    "databases_count" : 0,
    "skipped_updates" : 0,
    "expired_databases" : 0
  },
  "nodes" : { }
}

I will try to "turn it off and on again" and report back…

Topic		Replies	Views
New GeoIP ingest processor is missing databases, but existing GeoIP processors work fine Elasticsearch ingest-pipeline	15	1894	January 3, 2023
Elastic Observability Engineer Lab 5.4 - geoip database unavailable Elastic Training	2	430	October 26, 2022
Disabling geoip downloader is not working (elastic 7.16.2 and java 11) Elasticsearch	6	1508	May 15, 2022
How to disable geoip usage in 7.14.0 Elasticsearch	22	50087	October 12, 2021
GEOIP Database Update Issue: Documentation Followed, Databases Not Updating on Ingest Nodes Elasticsearch ingest-pipeline	19	920	February 27, 2024

GeoIP processor / setup?

Related topics