Logstash Filters and Geoip database option

I want to be able to use a more updated version of the GeoLiteCity Database. However, when running Logstash with this configuration I get what seems to be a permissions error and I'm not sure how to fix that because I'm running Logstash as an admin.

My second question pertains to the if statements within the filter. I want to use the IPv4 database if the ipAddress that I have is obviously of that type and same for IPv6. However, whenever I run Logstash I am unable to get the IPv6 addresses to be properly recognized and it always goes into the else statement. Could someone help me in determining where I am going wrong with my if statements.

I posted the filter option from my configuration file below.

filter { if ([Payload_ipAddress] =~ /:/ ){ geoip { source => "Payload_ipAddress" target => "geoip" database => "c:/Logstash/GeoLiteCityv6" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geowhich ip][latitude]}"] } mutate { convert => [ "[geoip][coordinates]", "float"] } } else { geoip { source => "Payload_ipAddress" target => "geoip" database => "c:/Logstash/GeoLiteCityIPv4" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geowhich ip][latitude]}" ] } mutate { convert => [ "[geoip][coordinates]", "float"] } } mutate { remove_field => [ "@timestamp", "@version" ] } }

Providing more details on this would be helpful.

LS doesn't understand IPv6 at this point.

Of course, I wasn't entirely sure how to phrase my meaning and my environment is now different so I don't have the exact error message anymore. I will try to replicate it and post and update to this

Okay, I know I had seen some people using filters to determine if it was IPv6 and then if it was they would use the beta version of GeoLiteCity's IPv6 database but I have been unable to get any of these to work, because in my case it defaults to the else statement and then throws the permission error