How to update the geoip with the new?

zqc0512 · March 16, 2018, 5:19am

how to update the geoip with the new?
can give a docs?
i find some iP in my geoip can't output the city.

Christian_Dahlqvist · March 16, 2018, 9:16am

Can you provide an example of a problematic document?

zqc0512 · March 19, 2018, 6:47am

thi ip is like 223.104.254.1
can't use geoip match city. only china CN the city is bejing.
@Christian_Dahlqvist

Christian_Dahlqvist · March 19, 2018, 7:13am

Is the problem is that the mapping is not correct for China when using the open-source version of the Geolite2 database? If that is the case, the geoip plugin also supports commercial databases from MaxMind, which may contain better mappings for your region.

zqc0512 · March 19, 2018, 7:15am

yes i know .i wan't to know how to use the last new Geolite2 database in elasticsearch
thanks.

Christian_Dahlqvist · March 19, 2018, 7:21am

Have you tried downloading it from the MaxMind website and configure the geoip plugin to use it?

zqc0512 · March 19, 2018, 7:23am

no ,i don't know how do about it .so need help. how configure the geoip plugin .with MaxMind i don't know. can give a doc?
thanks.

Christian_Dahlqvist · March 19, 2018, 7:33am

https://www.elastic.co/guide/en/elasticsearch/plugins/current/using-ingest-geoip.html

https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html

zqc0512 · March 19, 2018, 7:35am

with logstash in data to es the logstash need update the plugin?
https://www.elastic.co/guide/en/logstash/5.6/plugins-filters-geoip.html

Christian_Dahlqvist · March 19, 2018, 7:38am

There are two geoip plugins, one for Logstash and one for ingest node. Pick the one that is appropriate. I believe you will need to manually download a new database and then configure the plugin ton use this.

zqc0512 · March 19, 2018, 7:40am

ok i will use logstash to test it
now data from logstash to es.
thanks.

zqc0512 · March 19, 2018, 7:46am

in https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html#plugins-filters-geoip-database

database
Value type is path
There is no default value for this setting.
The path to Maxmind’s database file that Logstash should use. The default database is GeoLite2-City. GeoLite2-City, GeoLite2-Country, GeoLite2-ASN are the free databases from Maxmind that are supported. GeoIP2-City, GeoIP2-ISP, GeoIP2-Country are the commercial databases from Maxmind that are supported.

If not specified, **this will default to the GeoLite2 City database that ships with Logstash**.

i find this i won't to know where to use default Geolite2 database .
i can copy the GeoLite2-City file replacte to the default with logstash?

Christian_Dahlqvist · March 19, 2018, 7:50am

Have you downloaded a new database from the maxMind web site? If so, place this in a suitable path and use this path when configuring the plugin.

zqc0512 · March 19, 2018, 7:53am

OK
this have three from https://dev.maxmind.com/geoip/geoip2/geolite2/
Downloads
GeoLite2 City
GeoLite2 Country
GeoLite2 ASN (Autonomous System Number)

all down or use city and country?

Christian_Dahlqvist · March 19, 2018, 7:55am

As indicated by the documentation, Logstash uses the City database by default. I have not tried using any of the others, so am not sure whether they are compatible or not.

zqc0512 · March 19, 2018, 7:57am

ok i will try
thanks so much

zqc0512 · March 20, 2018, 1:06am

i update te geoip city database it know can output the city
thanks.

system · April 17, 2018, 1:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.