Add support for the 'Enterprise' database to the geoip processor #107377
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joegallo
added
>enhancement
:Data Management/Ingest Node
|
Documentation preview: |
|
Pinging @elastic/es-data-management (Team:Data Management) |
|
Hi @joegallo, I've created a changelog YAML for you. |
masseyke
approved these changes
Apr 11, 2024
|
Related to #101080 |
yaauie
added a commit
to yaauie/logstash-filter-elastic_integration
that referenced
this pull request
Apr 23, 2024
Catches up with Elasticsearch 8.14+ support for user-provided databases: - `Anonymous-IP` elastic/elasticsearch#107287 - `Enterprise` elastic/elasticsearch#107377 When compiled against Elasticsearch < 8.14, these methods neither exist in the interface nor are reachable by the GeoIP processor. Co-authored-by: Joe Gallo <joegallo@gmail.com>
yaauie
added a commit
to elastic/logstash-filter-elastic_integration
that referenced
this pull request
Apr 23, 2024
Catches up with Elasticsearch 8.14+ support for user-provided databases: - `Anonymous-IP` elastic/elasticsearch#107287 - `Enterprise` elastic/elasticsearch#107377 When compiled against Elasticsearch < 8.14, these methods neither exist in the interface nor are reachable by the GeoIP processor. Co-authored-by: Joe Gallo <joegallo@gmail.com>
This was referenced May 10, 2024
joegallo
added a commit
to joegallo/elasticsearch
that referenced
this pull request
Jun 3, 2024
The same highlight also serves for elastic#107287, but I don't know an especially elegant way of making one highlight do double duty, so I did it the naive way.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow on to #107287
Adds support for the 'GeoIP2 Enterprise' database from MaxMind to the
geoipprocessor.The
geoipprocessor will automatically download the various 'GeoLite2' databases, but the 'GeoIP2 Enterprise' database is not a 'GeoLite2' database -- it's a commercial database available to those with a suitable license from MaxMind.The support that is being added for it in this PR is in line with the support that we already have for MaxMind's 'GeoIP2 City' and 'GeoIP2 Country' databases -- that is, one would need to arrange their own download management via some custom endpoint or otherwise arrange for the relevant file(s) to be in the
$ES_CONFIG/ingest-geoipdirectory on the nodes of the cluster.Note: only a limited number of
propertiesare supported in this initial implementation. The 'GeoIP2 Enterprise' database is almost like a union of the other database types, and in keeping with that the properties that are supported here are a union of the supported properties from the other already supported database types -- we have some work to do to support more of the fields available in the 'GeoLite2 City' and 'GeoIP2 City' databases, though, and that implementation debt also shows through here.