After GeoIP Update using geoip.elastic.co we see strange behavior country for ip 1.1.1.1 not detected and organization_name became "CLOUDFLARENET" instead of "Cloudflare, Inc".
When we use simulate API we get old data (country and format "Cloudflare, Inc") which is completely differ from what we get in index using the same ingest pipeline.
ES version 7.17
Please help if you have any ideas what is going on.
Seems I have found an answer why simulate pipeline returns old data - How to update the GeoIP Databases for Elastic Ingest Pipelines - #3 by nverrill
1 Like
In our case kibana points to dedicated coordinating nodes and after updating geoip datadase using geoip.elastic.co we've got geoip database updated on data nodes and ingest nodes only.
Coordinating nodes haven't been updated thats why kibana simulate API return old data.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.