Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: cd0473159a
Branches Tags
elasticsearch
/
docs
/
plugins
/
ingest-geoip.asciidoc

ingest-geoip.asciidoc 4.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. [[ingest-geoip]]
    2. 

  2. === Ingest Geoip Processor Plugin
    3. 

  3. 

  4. The GeoIP processor adds information about the geographical location of IP addresses, based on data from the Maxmind databases.
    5. 

  5. This processor adds this information by default under the `geoip` field.
    6. 

  6. 

  7. The ingest-geoip plugin ships by default with the GeoLite2 City and GeoLite2 Country geoip2 databases from Maxmind made available
    8. 

  8. under the CCA-ShareAlike 3.0 license. For more details see, http://dev.maxmind.com/geoip/geoip2/geolite2/
    9. 

  9. 

  10. The GeoIP processor can run with other geoip2 databases from Maxmind. The files must be copied into the geoip config directory,
    11. 

  11. and the `database_file` option should be used to specify the filename of the custom database. Custom database files must be compressed
    12. 

  12. with gzip. The geoip config directory is located at `$ES_HOME/config/ingest/geoip` and holds the shipped databases too.
    13. 

  13. 

  14. [[ingest-geoip-install]]
    15. 

  15. [float]
    16. 

  16. ==== Installation
    17. 

  17. 

  18. This plugin can be installed using the plugin manager:
    19. 

  19. 

  20. [source,sh]
    21. 

  21. ----------------------------------------------------------------
    22. 

  22. sudo bin/elasticsearch-plugin install ingest-geoip
    23. 

  23. ----------------------------------------------------------------
    24. 

  24. 

  25. The plugin must be installed on every node in the cluster, and each node must
    26. 

  26. be restarted after installation.
    27. 

  27. 

  28. [[ingest-geoip-remove]]
    29. 

  29. [float]
    30. 

  30. ==== Removal
    31. 

  31. 

  32. The plugin can be removed with the following command:
    33. 

  33. 

  34. [source,sh]
    35. 

  35. ----------------------------------------------------------------
    36. 

  36. sudo bin/elasticsearch-plugin remove ingest-geoip
    37. 

  37. ----------------------------------------------------------------
    38. 

  38. 

  39. The node must be stopped before removing the plugin.
    40. 

  40. 

  41. [[using-ingest-geoip]]
    42. 

  42. ==== Using the Geoip Processor in a Pipeline
    43. 

  43. 

  44. [[ingest-geoip-options]]
    45. 

  45. .Geoip options
    46. 

  46. [options="header"]
    47. 

  47. |======
    48. 

  48. | Name                   | Required  | Default                                                                            | Description
    49. 

  49. | `field`                | yes       | -                                                                                  | The field to get the ip address from for the geographical lookup.
    50. 

  50. | `target_field`         | no        | geoip                                                                              | The field that will hold the geographical information looked up from the Maxmind database.
    51. 

  51. | `database_file`        | no        | GeoLite2-City.mmdb                                                                 | The database filename in the geoip config directory. The ingest-geoip plugin ships with the GeoLite2-City.mmdb.gz and GeoLite2-Country.mmdb.gz files.
    52. 

  52. | `properties`           | no        | [`continent_name`, `country_iso_code`, `region_name`, `city_name`, `location`] *   | Controls what properties are added to the `target_field` based on the geoip lookup.
    53. 

  53. |======
    54. 

  54. 

  55. *Depends on what is available in `database_field`:
    56. 

  56. 

  57. * If the GeoLite2 City database is used, then the following fields may be added under the `target_field`: `ip`,
    58. 

  58. `country_iso_code`, `country_name`, `continent_name`, `region_name`, `city_name`, `timezone`, `latitude`, `longitude`
    59. 

  59. and `location`. The fields actually added depend on what has been found and which properties were configured in `properties`.
    60. 

  60. * If the GeoLite2 Country database is used, then the following fields may be added under the `target_field`: `ip`,
    61. 

  61. `country_iso_code`, `country_name` and `continent_name`. The fields actually added depend on what has been found and which properties were configured in `properties`.
    62. 

  62. 

  63. Here is an example that uses the default city database and adds the geographical information to the `geoip` field based on the `ip` field:
    64. 

  64. 

  65. [source,js]
    66. 

  66. --------------------------------------------------
    67. 

  67. {
    68. 

  68.   "description" : "...",
    69. 

  69.   "processors" : [
    70. 

  70.     {
    71. 

  71.       "geoip" : {
    72. 

  72.         "field" : "ip"
    73. 

  73.       }
    74. 

  74.     }
    75. 

  75.   ]
    76. 

  76. }
    77. 

  77. --------------------------------------------------
    78. 

  78. 

  79. Here is an example that uses the default country database and adds the geographical information to the `geo` field based on the `ip` field`:
    80. 

  80. 

  81. [source,js]
    82. 

  82. --------------------------------------------------
    83. 

  83. {
    84. 

  84.   "description" : "...",
    85. 

  85.   "processors" : [
    86. 

  86.     {
    87. 

  87.       "geoip" : {
    88. 

  88.         "field" : "ip",
    89. 

  89.         "target_field" : "geo",
    90. 

  90.         "database_file" : "GeoLite2-Country.mmdb"
    91. 

  91.       }
    92. 

  92.     }
    93. 

  93.   ]
    94. 

  94. }
    95. 

  95. --------------------------------------------------
    96.