Maxmind mmdb - Logstash geoip

gugansankar · August 18, 2015, 8:21am

Hi,

Is it possible to mention mmdb in logstash geoip section and also Does logstash support mmdb as like below configuration ?.

geoip {
source => "clientip"
target => "geoip"
database =>"/tmp/geoip.mmdb"
}

gugansankar · August 19, 2015, 5:30am

Any idea ?.

Brent_Payne · September 1, 2015, 6:12pm

looks like logstash only supports the legacy free MaxMind databases which are in .dat format. The paid and updated versions are in mmdb format. Doesn't look like there is an easy way to convert from mmdb to dat, but it might be possible. I already have a preprocessing step prior to logstash so I'm moving my maxmind ETL there. If we decide to go with logstash -> ES. I'll look into creating a new filter and placing it on github.

gugansankar · September 22, 2015, 8:15am

@Brent_Payne Thanks for your reply.

Please update the status/share the github url here if you created new filter for this. So that I can make use of it.