We have some application which is directly send data to Elasticsearch. we don't want involve logstash. any possibility to get Geo Information from original IP without using logstash?
Is there any post script we can run? please suggest any idea.
Asked
Active
Viewed 70 times
0
-
Hello Sir Thank you for reply Actually we have only Original IP (customer ip, http_ foreworded_ for) this details having in message how to get geo Information without pars through logstash Data is normally store with original ip but we are not getting geo info if we are send direct app to elastic we need help for the same. – Dharmin Fadia Dec 06 '21 at 13:27
1 Answers
0
I guess this geopip processor from Elasticsearch must respond to your use case.
An example :
PUT _ingest/pipeline/geoip
{
"description" : "Add geoip info",
"processors" : [
{
"geoip" : {
"field" : "ip"
}
}
]
}
PUT my-index-00001/_doc/my_id?pipeline=geoip
{
"ip": "8.8.8.8"
}
YLR
- 1,503
- 4
- 21
- 28
-
Hello Sir Thank you for reply Actually we have only Original IP (customer ip, http_ foreworded_ for) this details having in message how to get geo Information without pars through logstash Data is normally store with original ip but we are not getting geo info if we are send direct app to elastic we need help for the same. – Dharmin Fadia Dec 06 '21 at 13:27