We have a Maxmind site license and download updates every week. Logstash (1.5.0rc) config has a geoip filter with database parameter to point to the downloaded database.
But does the filter detect a new db? Or does it require a logstash restart to pickup fresh data.
I've tried answering my question by reading the filter and geoip-module code, but no luck.
At this point, Logstash requires a restart to use an updated db, or any configuration change.
With Logstash 2.0 we are going to use an API-based setup which will allow pipelines to be created/stopped/started on the fly, which will permit on-the-fly updates of this nature.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.