Using the Geoip Processor in a Pipeline
Table 2. Geoip options

Name | Required | Default | Description |
---|---|---|---|
`field` | yes | - | The field to get the ip address from for the geographical lookup. |
`target_field` | no | geoip | The field that will hold the geographical information looked up from the Maxmind database. |
`database_file` | no | GeoLite2-City.mmdb | The database filename in the geoip config directory. The ingest-geoip plugin ships with the GeoLite2-City.mmdb.gz and GeoLite2-Country.mmdb.gz files. |
`properties` | no | [ | Controls what properties are added to the |
 | no | | If |
*Depends on what is available in `database_file`:

- If the GeoLite2 City database is used, then the following fields may be added under the `target_field`: `ip`, `country_iso_code`, `country_name`, `continent_name`, `region_name`, `city_name`, `timezone`, `latitude`, `longitude` and `location`. The fields actually added depend on what has been found and which properties were configured in `properties`.
- If the GeoLite2 Country database is used, then the following fields may be added under the `target_field`: `ip`, `country_iso_code`, `country_name` and `continent_name`. The fields actually added depend on what has been found and which properties were configured in `properties`.

Here is an example that uses the default city database and adds the geographical information to the `geoip` field based on the `ip` field:

```console
PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip"
      }
    }
  ]
}

PUT my_index/my_type/my_id?pipeline=geoip
{
  "ip": "8.8.8.8"
}

GET my_index/my_type/my_id
```

Which returns:

```json
{
  "found": true,
  "_index": "my_index",
  "_type": "my_type",
  "_id": "my_id",
  "_version": 1,
  "_source": {
    "ip": "8.8.8.8",
    "geoip": {
      "continent_name": "North America",
      "country_iso_code": "US",
      "region_name": "California",
      "city_name": "Mountain View",
      "location": { "lat": 37.386, "lon": -122.0838 }
    }
  }
}
```

Here is an example that uses the default country database and adds the geographical information to the `geo` field based on the `ip` field. Note that this database is included in the plugin download. So this:

```console
PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip",
        "target_field" : "geo",
        "database_file" : "GeoLite2-Country.mmdb.gz"
      }
    }
  ]
}

PUT my_index/my_type/my_id?pipeline=geoip
{
  "ip": "8.8.8.8"
}

GET my_index/my_type/my_id
```

returns this:

```json
{
  "found": true,
  "_index": "my_index",
  "_type": "my_type",
  "_id": "my_id",
  "_version": 1,
  "_source": {
    "ip": "8.8.8.8",
    "geo": {
      "continent_name": "North America",
      "country_iso_code": "US"
    }
  }
}
```

Not all IP addresses have geo information in the database. When a lookup finds nothing, no `target_field` is inserted into the document.

Here is an example of what documents will be indexed as when information for "93.114.45.13" cannot be found:

```console
PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip"
      }
    }
  ]
}

PUT my_index/my_type/my_id?pipeline=geoip
{
  "ip": "93.114.45.13"
}

GET my_index/my_type/my_id
```

Which returns:

```json
{
  "found": true,
  "_index": "my_index",
  "_type": "my_type",
  "_id": "my_id",
  "_version": 1,
  "_source": {
    "ip": "93.114.45.13"
  }
}
```

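
Because a failed lookup leaves the document without any `target_field`, anything that reads these documents (a detection rule, an alert enrichment step) has to treat the geo object and every property inside it as optional. The Python sketch below is an added example, not part of the Elasticsearch documentation: the function names and status labels are assumptions, the `10.1.2.3` document is constructed, and the other two `_source` bodies are the ones returned above.

```python
import ipaddress

# _source bodies: the first two are the responses shown on this page,
# the third is constructed for this example.
SAMPLE_SOURCES = [
    {"ip": "8.8.8.8", "geoip": {"continent_name": "North America",
                                "country_iso_code": "US",
                                "region_name": "California",
                                "city_name": "Mountain View",
                                "location": {"lat": 37.386, "lon": -122.0838}}},
    {"ip": "93.114.45.13"},   # lookup found nothing: no geoip key at all
    {"ip": "10.1.2.3"},       # constructed: private address
]


def classify_enrichment(source, ip_field="ip", target_field="geoip"):
    """Return (status, detail) for one document's _source.

    status: 'enriched', 'no_match', 'not_routable' or 'invalid_ip'.
    """
    raw = source.get(ip_field)
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return ("invalid_ip", raw)
    geo = source.get(target_field)
    if isinstance(geo, dict) and geo:
        # Only a subset of properties may be present; never index blindly.
        return ("enriched", geo.get("country_iso_code", "unknown"))
    if not addr.is_global:
        # Private, loopback, link-local...: a missing geo object is expected.
        return ("not_routable", str(addr))
    # Public address with no geo object: the database had no entry for it.
    return ("no_match", str(addr))


def triage(sources, **kwargs):
    """Count documents per status so gaps in enrichment are visible."""
    counts = {}
    for src in sources:
        status, _ = classify_enrichment(src, **kwargs)
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print(src["ip"], classify_enrichment(src))
    print(triage(SAMPLE_SOURCES))
```

Pass `target_field="geo"` when the pipeline writes to a non-default field, as in the country database example.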
Node Settings
The geoip processor supports the following setting:

- `ingest.geoip.cache_size`: The maximum number of results that should be cached. Defaults to `1000`.

Note that these settings are node settings and apply to all geoip processors, i.e. there is one cache for all defined geoip processors.