Hi,
I'm using Elasticsearch 7.4 and have some data indexed with an IP in a field. Now I want to use a pipeline to reindex that data and generate geoip information with ingest-geoip. I created an ingest pipeline, and if I use it without any change it seems to work, but:
PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "dstip",
        "target_field" : "dstip-GEOIP",
        "ignore_missing" : true,
        "database_file" : "GeoLite2-City.mmdb",
        "properties" : ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"]
      }
    }
  ]
}
- If I use the parameter "database_file", that is, if I put a new database file in /usr/share/elasticsearch/modules/ingest-geoip and name it in the parameter, I get an error indicating the file does not exist. I have to name it GeoLite2-City.mmdb to avoid that error.
- If I don't use the properties parameter, then the generated information is missing some of the fields.
- If I download the latest GeoLite2-City.mmdb database and copy it to the specified directory, then when I run the reindex I get an error indicating "com.maxmind.db.InvalidDatabaseException: Unexpected data type returned. The GeoIP2 database may be corrupt." and some other errors like "java.lang.ArrayIndexOutOfBoundsException: Index 47 out of bounds for length 16"

Can anyone help?
Thanks