65 lines
3.3 KiB
Plaintext
65 lines
3.3 KiB
Plaintext
|
[[ingest-geoip]]
|
||
|
== Ingest Geoip Processor Plugin
|
||
|
|
||
|
The GeoIP processor adds information about the geographical location of IP addresses, based on data from the Maxmind databases.
|
||
|
This processor adds this information by default under the `geoip` field.
|
||
|
|
||
|
The ingest plugin ships by default with the GeoLite2 City and GeoLite2 Country geoip2 databases from Maxmind made available
|
||
|
under the CCA-ShareAlike 3.0 license. For more details see, http://dev.maxmind.com/geoip/geoip2/geolite2/
|
||
|
|
||
|
The GeoIP processor can run with other geoip2 databases from Maxmind. The files must be copied into the geoip config directory
|
||
|
and the `database_file` option should be used to specify the filename of the custom database. The geoip config directory
|
||
|
is located at `$ES_HOME/config/ingest/geoip` and holds the shipped databases too.
|
||
|
|
||
|
[[geoip-options]]
|
||
|
.Geoip options
|
||
|
[options="header"]
|
||
|
|======
|
||
|
| Name | Required | Default | Description
|
||
|
| `source_field` | yes | - | The field to get the ip address or hostname from for the geographical lookup.
|
||
|
| `target_field` | no | geoip | The field that will hold the geographical information looked up from the Maxmind database.
|
||
|
| `database_file` | no | GeoLite2-City.mmdb | The database filename in the geoip config directory. The ingest plugin ships with the GeoLite2-City.mmdb and GeoLite2-Country.mmdb files.
|
||
|
| `fields` | no | [`continent_name`, `country_iso_code`, `region_name`, `city_name`, `location`] <1> | Controls what properties are added to the `target_field` based on the geoip lookup.
|
||
|
|======
|
||
|
|
||
|
<1> Depends on what is available in `database_field`:
|
||
|
* If the GeoLite2 City database is used then the following fields may be added under the `target_field`: `ip`,
|
||
|
`country_iso_code`, `country_name`, `continent_name`, `region_name`, `city_name`, `timezone`, `latitude`, `longitude`
|
||
|
and `location`. The fields actually added depend on what has been found and which fields were configured in `fields`.
|
||
|
* If the GeoLite2 Country database is used then the following fields may be added under the `target_field`: `ip`,
|
||
|
`country_iso_code`, `country_name` and `continent_name`.The fields actually added depend on what has been found and which fields were configured in `fields`.
|
||
|
|
||
|
An example that uses the default city database and adds the geographical information to the `geoip` field based on the `ip` field:
|
||
|
|
||
|
[source,js]
|
||
|
--------------------------------------------------
|
||
|
{
|
||
|
"description" : "...",
|
||
|
"processors" : [
|
||
|
{
|
||
|
"geoip" : {
|
||
|
"source_field" : "ip"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
--------------------------------------------------
|
||
|
|
||
|
An example that uses the default country database and add the geographical information to the `geo` field based on the `ip` field`:
|
||
|
|
||
|
[source,js]
|
||
|
--------------------------------------------------
|
||
|
{
|
||
|
"description" : "...",
|
||
|
"processors" : [
|
||
|
{
|
||
|
"geoip" : {
|
||
|
"source_field" : "ip",
|
||
|
"target_field" : "geo",
|
||
|
"database_file" : "GeoLite2-Country.mmdb"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
--------------------------------------------------
|