I recently open a thread on the demand to move from GeoIP to IP2location (see GeoIP Lite EOL pipeline filter) and i am now trying. How ever, i failed in my uses cases. I use the GeoIp pipeline filter to fill the GeoIP values from an IP address extracted from syslog-events. I just realised that a logstash-plugin exists but no elastisearch-plugin. Hence a pipeline filter has no sense right ? It means that GeoIP pipeline filter was working but IP2location will not.
It should be a small task to create a similar ip2location plugin for elastisearch based on the GeoIP plugin right ? How do you see the task to do it ?
Hi christian, thanks for challenging the idea. I did not run the process in logstash as the IP ( i would like info about) is extracted from a syslog messages transmit by my home router. The IP is then affected to a private field by elastisearch and will be processed as input of the GeoIP filter. Example : I am looking after the character SRC= :
Once affected to the private field , I run the GeoIP pipeline filter on this private variable.
In this uses cases i did not know how to do it with ip2location. I also would like that we keep free this functionality. True, If the company behind ip2location is not an engine on this then we can find another alternative too. no worries. agree. if we have to do something (as free personnal end user) then we can. thats' why i am asking ? all good.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
New try for the thread