Skip to content

Support MaxMind GeoIP2-ISP.mmdb Database for Geoip Processor #80748

New issue
New issue
Closed
Closed
Support MaxMind GeoIP2-ISP.mmdb Database for Geoip Processor#80748
Assignees
tylerperk
Labels
:Data Management/Ingest NodeExecution or management of Ingest Pipelines including GeoIP>enhancementTeam:Data ManagementMeta label for data/management team
@bvader

Description

@bvader
bvader
opened on Nov 16, 2021

Please Support the MaxMind GeoIP2-ISP.mmdb Commercially Licensed Database it is part of the commercially available MaxMind Databases.

See MaxMind DBs Here

As a User I would like to enrich incoming IPs with ISP information.

Today Logstash does support enriching with this GeoIP2-ISP.mmdb database however Elasticsearch Geoip processor does not.

PUT _ingest/pipeline/isp-lookup
{
  "description": "Adds geoip info for ECS documents",
  "processors": [
    {
      "geoip": {
        "database_file": "GeoIP2-ISP.mmdb",
        "field": "client.ip",
        "ignore_missing": true,
        "target_field": "client.as"
      }
    }
  ]
}

{
  "error" : {
    "root_cause" : [
      {
        "type" : "parse_exception",
        "reason" : "[database_file] Unsupported database type [GeoIP2-ISP]",
        "property_name" : "database_file",
        "processor_type" : "geoip"
      }
    ],
    "type" : "parse_exception",
    "reason" : "[database_file] Unsupported database type [GeoIP2-ISP]",
    "property_name" : "database_file",
    "processor_type" : "geoip"
  },
  "status" : 400
}

Metadata

Metadata

Assignees

Labels

:Data Management/Ingest NodeExecution or management of Ingest Pipelines including GeoIP>enhancementTeam:Data ManagementMeta label for data/management team

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions