Hello,
We're looking to make our GeoLite Database being updated automatically at regular interval.
How is behaving LS - geoip filter when file is updated?
Thanks
Bruno Lavoie
I don't believe it caches anything in memory itself, so you can probably replace it manually, but you should test this first!
We do something similar. For whatever reason we didn't see it take effect until Logstash was restarted. But we were only looking at one very common IP in our logs.
If you check the documentation there is a config value you can set. Sounds like it does cache a certain amount of IP's. I have no idea how long it stays in there though before being evicted though. Could be a few minutes, could be forever. It is outside of my expertise.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.