Nginx-ingress-controller-access, _geoip_database_unavailable_GeoLite2-City.mmdb, _geoip_database_unavailable_GeoLite2-ASN.mmdb

Subrahmanyam_Veerank · March 1, 2024, 4:26am

yes sir, tried with jvm options. so other option we might to need look into is manual updation. But i didnt find any url to download those .mmdb files.

Subrahmanyam_Veerank · March 1, 2024, 4:27am

whether we need to create an account to download those files?

stephenb · March 1, 2024, 4:55am

Yes you will, I did when I tested last year... You will need to create an account except the terms and then download from their site

Did you try the trace logs to see if there was any more specific/ details that could help?

rtwolfe94022 · March 1, 2024, 5:31am

The issue you're experiencing with missing geolocation tags in your Nginx ingress controller logs, indicated by the tags _geoip_database_unavailable_GeoLite2-City.mmdb and _geoip_database_unavailable_GeoLite2-ASN.mmdb , suggests that the GeoIP databases required for geolocation enrichment are not accessible or available in your Elastic Agent setup on Kubernetes. The commands you've tried aim to toggle the GeoIP database downloader, but if the problem persists, it could be due to either network restrictions preventing the download of GeoIP databases or a misconfiguration in the Elastic Agent or the Ingest pipelines. To resolve this, ensure that your Elastic Agent has internet access to download the GeoIP databases or manually download and configure the GeoIP databases in the expected location. Additionally, verify that your ingest pipelines that utilize GeoIP processors are correctly configured and pointing to the location of the GeoIP databases.

Subrahmanyam_Veerank · March 14, 2024, 9:36am

sir.. i have downloaded the .mmdb files how to proceed further?

~/geoip_downloaded$ ls
COPYRIGHT.txt GeoLite2-City.mmdb GeoLite2-Country.mmdb LICENSE.txt
elastic-geoip-database-service-agreement-LICENSE.txt GeoLite2-City.tgz GeoLite2-Country.tgz README.txt

stephenb · March 14, 2024, 1:53pm

The instructions are here

Subrahmanyam_Veerank · March 15, 2024, 4:51am

As per the instructions i have copied the .mmdb files in /usr/share/elasticsearch/modules/ingest-geoip/ in all the data nodes.

i didnt get how to configure the custom database_file in our geoip processor as per the below instruction.

"In your geoip processors, configure the database_file parameter to use a custom database file."

root@elk01:/home/cept# cd /usr/share/elasticsearch/modules/ingest-geoip/
root@elk01:/usr/share/elasticsearch/modules/ingest-geoip# ls
COPYRIGHT.txt                                         GeoLite2-Country.tgz            maxmind-db-3.0.0.jar
elastic-geoip-database-service-agreement-LICENSE.txt  ingest-geoip-8.11.4.jar         plugin-descriptor.properties
geoip2-4.0.0.jar                                      jackson-annotations-2.15.0.jar  plugin-security.policy
GeoLite2-City.mmdb                                    jackson-core-2.15.0.jar         README.txt
GeoLite2-City.tgz                                     jackson-databind-2.15.0.jar
GeoLite2-Country.mmdb                                 LICENSE.txt
root@elk01:/usr/share/elasticsearch/modules/ingest-geoip# ls -lrt *.mmdb
-rw-r--r-- 1 root root 57755153 Mar 13 15:08 GeoLite2-City.mmdb
-rw-r--r-- 1 root root  6438391 Mar 13 15:08 GeoLite2-Country.mmdb

stephenb · March 15, 2024, 5:03am

Since it looks like you are the default database file name looks
I do not think you need to set it.

You set it in the geoip processor examples are on the same doc page I referred you to.

Field.        Required Default 
database_file.    no     GeoLite2-City.mmdb

PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip",
        "target_field" : "geo",
        "database_file" : "GeoLite2-City.mmdb"
      }
    }
  ]

Subrahmanyam_Veerank · March 15, 2024, 5:13am

i gave the the field name as source.ip and tried with a single doc to test the pipeline but still getting error as database unavailable..

"source": {
"address": "106.216.235.73",
"ip": "106.216.235.73"
},
"url": {
"path": "/asp/api/v2/apswo",
"original": "/asp/api/v2/apswo"
},
"tags": [
"nginx-ingress-controller-access",
"_geoip_database_unavailable_GeoLite2-City.mmdb",
"_geoip_database_unavailable_GeoLite2-ASN.mmdb",
"_geoip_database_unavailable_GeoLite2-Country.mmdb"
],

Whether is it required to rename the downloaded database files?
or the database files that i have copied in the path /usr/share/elasticsearch/modules/ingest-geoip/ whether path is correct or not?

stephenb · March 15, 2024, 2:45pm

The instructions say

On self-managed deployments copy the database files to $ES_CONFIG/ingest-geoip.

Assuming a normal installation

Directory layout here

/etc/elasticsearch/ingest-geoip

Subrahmanyam_Veerank · March 18, 2024, 8:48am

Copied the downloaded database files .mmdb to the /etc/elasticsearch/ingest-geoip on all the data nodes and configured custom pipeline. And it`s working fine. Thanks sir

system · April 15, 2024, 8:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SentinelOne integration GeoIP database error SIEM elastic-agent	3	479	June 10, 2023
Geoip2 ASN resolution in Ingest Pipeline Elasticsearch ingest-pipeline	6	161	April 22, 2024
Elastic Observability Engineer Lab 5.4 - geoip database unavailable Elastic Training	2	380	October 26, 2022
GEOIP Database Update Issue: Documentation Followed, Databases Not Updating on Ingest Nodes Elasticsearch ingest-pipeline	19	605	February 27, 2024
GeoIP processor / setup? Kibana ingest-pipeline	9	3465	March 25, 2022

Nginx-ingress-controller-access, _geoip_database_unavailable_GeoLite2-City.mmdb, _geoip_database_unavailable_GeoLite2-ASN.mmdb

Related topics