I'm trying to understand and implement the geoip ingest plugin to geocode my IP addresses is log files. I am presently using hosted Elastic Cloud, meaning that while I am running my own Logstash instance, ElasticSearch and Kibana are hosted and running on the cloud.
This seems to muddy the waters a bit with understanding some documentation and forum posts, as it seems things can be slightly different when the whole ELK stack is hosted together. The question I have here is of that flavor a bit.
What I am trying to understand is since Elasticsearch is running on the cloud, and with it the geoip ingest plugin also on the cloud -- how / where does geocoding / assigning a value to the geoip fields in an index happen? I've noticed that by turning on this plugin, I now have those geo- fields in my index, though no value has been assigned to them. (My IP-typed fields are being pulled in for some reasons as strings also, but that's a different question).
In this configuration, what is the proper approach to getting those geo- fields properly populated using the cloud-hosted geoip ingest plugin?
Thanks....