OpenSearch/docs/plugins/ingest-geoip.asciidoc

[[ingest-geoip]]
== Ingest Geoip Processor Plugin

The GeoIP processor adds information about the geographical location of IP addresses, based on data from the Maxmind databases.
This processor adds this information by default under the `geoip` field.

The ingest-geoip plugin ships by default with the GeoLite2 City and GeoLite2 Country geoip2 databases from Maxmind made available
under the CCA-ShareAlike 3.0 license. For more details see, http://dev.maxmind.com/geoip/geoip2/geolite2/

The GeoIP processor can run with other geoip2 databases from Maxmind. The files must be copied into the geoip config directory
and the `database_file` option should be used to specify the filename of the custom database. The geoip config directory
is located at `$ES_HOME/config/ingest/geoip` and holds the shipped databases too.

[[geoip-options]]
.Geoip options
[options="header"]
|======
| Name                   | Required  | Default                                                                            | Description
| `source_field`         | yes       | -                                                                                  | The field to get the ip address or hostname from for the geographical lookup.
| `target_field`         | no        | geoip                                                                              | The field that will hold the geographical information looked up from the Maxmind database.
| `database_file`        | no        | GeoLite2-City.mmdb                                                                 | The database filename in the geoip config directory. The ingest-geoip plugin ships with the GeoLite2-City.mmdb and GeoLite2-Country.mmdb files.
| `fields`               | no        | [`continent_name`, `country_iso_code`, `region_name`, `city_name`, `location`] <1> | Controls what properties are added to the `target_field` based on the geoip lookup.
|======

<1> Depends on what is available in `database_field`:
* If the GeoLite2 City database is used then the following fields may be added under the `target_field`: `ip`,
`country_iso_code`, `country_name`, `continent_name`, `region_name`, `city_name`, `timezone`, `latitude`, `longitude`
and `location`. The fields actually added depend on what has been found and which fields were configured in `fields`.
* If the GeoLite2 Country database is used then the following fields may be added under the `target_field`: `ip`,
`country_iso_code`, `country_name` and `continent_name`.The fields actually added depend on what has been found and which fields were configured in `fields`.

An example that uses the default city database and adds the geographical information to the `geoip` field based on the `ip` field:

[source,js]
--------------------------------------------------
{
  "description" : "...",
  "processors" : [
    {
      "geoip" : {
        "source_field" : "ip"
      }
    }
  ]
}
--------------------------------------------------

An example that uses the default country database and add the geographical information to the `geo` field based on the `ip` field`:

[source,js]
--------------------------------------------------
{
  "description" : "...",
  "processors" : [
    {
      "geoip" : {
        "source_field" : "ip",
        "target_field" : "geo",
        "database_file" : "GeoLite2-Country.mmdb"
      }
    }
  ]
}
--------------------------------------------------
update ingest docs - move ingest plugin docs to core reference docs - move geoip processor docs to plugins/ingest-geoip.asciidoc - add missing options tables for some processors - add description of pipeline definition - add description of processor definitions including common parameters like "tag" and "on_failure" 2016-01-25 15:06:39 -05:00			`[[ingest-geoip]]`
			`== Ingest Geoip Processor Plugin`

			`The GeoIP processor adds information about the geographical location of IP addresses, based on data from the Maxmind databases.`
			This processor adds this information by default under the `geoip` field.

docs: Remove the fact that ingest was a plugin from the docs. 2016-01-26 08:52:40 -05:00			`The ingest-geoip plugin ships by default with the GeoLite2 City and GeoLite2 Country geoip2 databases from Maxmind made available`
update ingest docs - move ingest plugin docs to core reference docs - move geoip processor docs to plugins/ingest-geoip.asciidoc - add missing options tables for some processors - add description of pipeline definition - add description of processor definitions including common parameters like "tag" and "on_failure" 2016-01-25 15:06:39 -05:00			`under the CCA-ShareAlike 3.0 license. For more details see, http://dev.maxmind.com/geoip/geoip2/geolite2/`

			`The GeoIP processor can run with other geoip2 databases from Maxmind. The files must be copied into the geoip config directory`
			and the `database_file` option should be used to specify the filename of the custom database. The geoip config directory
			is located at `$ES_HOME/config/ingest/geoip` and holds the shipped databases too.

			`[[geoip-options]]`
			`.Geoip options`
			`[options="header"]`
			`\|======`
			`\| Name \| Required \| Default \| Description`
			\| `source_field` \| yes \| - \| The field to get the ip address or hostname from for the geographical lookup.
			\| `target_field` \| no \| geoip \| The field that will hold the geographical information looked up from the Maxmind database.
docs: Remove the fact that ingest was a plugin from the docs. 2016-01-26 08:52:40 -05:00			\| `database_file` \| no \| GeoLite2-City.mmdb \| The database filename in the geoip config directory. The ingest-geoip plugin ships with the GeoLite2-City.mmdb and GeoLite2-Country.mmdb files.
update ingest docs - move ingest plugin docs to core reference docs - move geoip processor docs to plugins/ingest-geoip.asciidoc - add missing options tables for some processors - add description of pipeline definition - add description of processor definitions including common parameters like "tag" and "on_failure" 2016-01-25 15:06:39 -05:00			\| `fields` \| no \| [`continent_name`, `country_iso_code`, `region_name`, `city_name`, `location`] <1> \| Controls what properties are added to the `target_field` based on the geoip lookup.
			`\|======`

			<1> Depends on what is available in `database_field`:
			* If the GeoLite2 City database is used then the following fields may be added under the `target_field`: `ip`,
			`country_iso_code`, `country_name`, `continent_name`, `region_name`, `city_name`, `timezone`, `latitude`, `longitude`
			and `location`. The fields actually added depend on what has been found and which fields were configured in `fields`.
			* If the GeoLite2 Country database is used then the following fields may be added under the `target_field`: `ip`,
			`country_iso_code`, `country_name` and `continent_name`.The fields actually added depend on what has been found and which fields were configured in `fields`.

			An example that uses the default city database and adds the geographical information to the `geoip` field based on the `ip` field:

			`[source,js]`
			`--------------------------------------------------`
			`{`
			`"description" : "...",`
			`"processors" : [`
			`{`
			`"geoip" : {`
			`"source_field" : "ip"`
			`}`
			`}`
			`]`
			`}`
			`--------------------------------------------------`

			An example that uses the default country database and add the geographical information to the `geo` field based on the `ip` field`:

			`[source,js]`
			`--------------------------------------------------`
			`{`
			`"description" : "...",`
			`"processors" : [`
			`{`
			`"geoip" : {`
			`"source_field" : "ip",`
			`"target_field" : "geo",`
			`"database_file" : "GeoLite2-Country.mmdb"`
			`}`
			`}`
			`]`
			`}`
			`--------------------------------------------------`