Hello everyone!
I'm new here (and an ES novice) so please bear with me ...
I have a setup of ELK using docker (just default images) and I'm sending some logs off an nginx webserver directly to ES using filebeat installed via the deb package.
My only configuration was to enable the nginx module and provide the paths to the access and error logs respectively.
Now, I know my setup works because if I process only the error log, all is perfect!
However, if I enable the access log, I get this:
2018-04-29T18:27:15.972Z ERROR pipeline/output.go:74 Failed to connect: Connection marked as failed because the onConnect callback failed: Error loading pipeline for fileset nginx/access: couldn't load pipeline: couldn't load json. Error: 400 Bad Request: {"error":{"root_cause":[{"type":"parse_exception","reason":"[database_file] database file [GeoLite2-City.mmdb.gz] doesn't exist","header":{"processor_type":"geoip","property_name":"database_file"}}],"type":"parse_exception",
I believe it comes from ES? However, geoip ingest is installed (comes by default it seems). Is there some setup I need to do that this doesn't account for? The documentation mentions that the GeoLite2 City database is bundled, but this doesn't seem to be the case.
Thanks!