Add support for the 'Anonymous IP' database to the geoip processor #107287
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Put the default fields for the city database in the same order as the valid fields for the city database. Interestingly, the 'TIMEZONE' (and the 'IP') are the only valid non-default properties.
joegallo
added
>enhancement
WIP
:Data Management/Ingest Node
|
@masseyke and I talked about the source of the As follow up work after this PR, I would like to organize, update, and document all those files so that their provenance is clear. |
Rather, they're the object properties under which those values will be written within a containing 'location' object, if the 'location' property has been selected.
and use a more general term instead. Maxmind seems to consistently refer to the GeoLite2 databases as 'GeoLite2 databases' and to their commercial offerings as 'GeoIP2 databases' -- both of them are 'IP geolocation databases' (which appears to me to be a generic term that applies to both their free and commercial databases as well as the things that others in the industry might provide).
nor are any 'included in the module'.
|
Pinging @elastic/es-data-management (Team:Data Management) |
|
Hi @joegallo, I've created a changelog YAML for you. |
This comment was marked as outdated.
This comment was marked as outdated.
|
I merged in |
masseyke
approved these changes
Apr 11, 2024
|
Related to #101080 |
yaauie
added a commit
to yaauie/logstash-filter-elastic_integration
that referenced
this pull request
Apr 23, 2024
Catches up with Elasticsearch 8.14+ support for user-provided databases: - `Anonymous-IP` elastic/elasticsearch#107287 - `Enterprise` elastic/elasticsearch#107377 When compiled against Elasticsearch < 8.14, these methods neither exist in the interface nor are reachable by the GeoIP processor. Co-authored-by: Joe Gallo <joegallo@gmail.com>
yaauie
added a commit
to elastic/logstash-filter-elastic_integration
that referenced
this pull request
Apr 23, 2024
Catches up with Elasticsearch 8.14+ support for user-provided databases: - `Anonymous-IP` elastic/elasticsearch#107287 - `Enterprise` elastic/elasticsearch#107377 When compiled against Elasticsearch < 8.14, these methods neither exist in the interface nor are reachable by the GeoIP processor. Co-authored-by: Joe Gallo <joegallo@gmail.com>
This was referenced May 10, 2024
joegallo
added a commit
to joegallo/elasticsearch
that referenced
this pull request
Jun 3, 2024
The same highlight also serves for elastic#107287, but I don't know an especially elegant way of making one highlight do double duty, so I did it the naive way.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #90789
Adds support for the 'GeoIP2 Anonymous IP' database from MaxMind to the
geoipprocessor.The
geoipprocessor will automatically download the various 'GeoLite2' databases, but the 'GeoIP2 Anonymous IP' database is not a 'GeoLite2' database -- it's a commercial database available to those with a suitable license from MaxMind.The support that is being added for it in this PR is in line with the support that we already have for MaxMind's 'GeoIP2 City' and 'GeoIP2 Country' databases -- that is, one would need to arrange their own download management via some custom endpoint or otherwise arrange for the relevant file(s) to be in the
$ES_CONFIG/ingest-geoipdirectory on the nodes of the cluster.