Currently Kibana uses ParseDMARC objects to import the data. Two of the fields are Source_IP and Destination_IP. I'd like to convert these objects to locations so I can visualize these on a map. I read that GeoIP is included in Elastic, but I'm not sure how to connect ParseDMARC data to GeoIP and import it into Kibana.
Has anyone done this before and if so, is there a guide on how to do this?
Did you see this part of the instructions you linked?
ParseDMARC will need to download MaxMind GeoIP database to /usr/share/elasticsearch/modules/ingest-geoip directory, so the parsedmarc user needs to have write permission.
I must've missed that part.. I'll have a look at that! So after giving write permission to the directory I should be able to translate IP's to locations in the kibana dashboard? I'm not sure how or where to do this..
According to the instructions, if you run that command it'll download the geoip database it needs, then when you restart the process it'll start to do the geolocation.
Sorry for the late response, I used the command u posted and tried to add the data in Kibana. I have the following options:
But if I click one i get this message:
Do you have any tips on what I can check to troubleshoot this issue?
Thanks!
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
