Elastic version: 7.0.1 (Docker)
Elastic Components: Elasticsearch, Logstash, APM Server, Kibana
We have the geoip filter pipeline in Elastic, but decided to move it to Logstash to help share the load and reduce overhead on Elastic.
However, we are having problems deriving the source IP from a RUM request in Logstash. We have tried srcip, sourceip, clientip, client.ip and others but are failing miserably.
We're pretty sure it's something simple but are currently stumped and couldn't see any reference for it. Any help on this would be greatly appreciated.