I meet the issue and I don't know why? Does anybody know the reason?
Jan 14 10:23:18 OANWELKL1 logstash[4874]: [2022-01-14T10:23:18,644][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.RubySymbol) has been
Jan 14 10:23:18 OANWELKL1 logstash[4874]: [2022-01-14T10:23:18,657][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge] A gauge metric of an unknown type (org.jruby.RubySymbol) has been create
Jan 14 10:23:20 OANWELKL1 logstash[4874]: [2022-01-14T10:23:20,050][ERROR][logstash.filters.geoip.databasemanager] Connection reset {:cause=>java.net.SocketException: Connection reset}
Jan 14 10:23:20 OANWELKL1 logstash[4874]: [2022-01-14T10:23:20,121][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/var/lib/logstash/plugins/filters/geoip/CC/GeoLite2-City.mmdb"}
The geoip filter is based on a library from MaxMind. In 2021 they changed the licence on the API that Elastic uses to require that users keep their database up-to-date by downloading a new database from MaxMind every couple of weeks. Much more detail here.
If you need to work in an air-gapped environment you can do the downloads from MaxMind yourself and update the databases that the filter uses. That is also explained in the documentation I linked to.
Note also that if you can find a CC-licensed DB rather than a EULA-licensed DB then the filter should be happy to use that (out-of-date) data forever.
I think the filter comes with a very old CC-licensed database (1.2.2 from 2017) so unless an online update has occurred an air-gapped install should work.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.