updating GeoIP databases breaks plugin

[emsearcy]

Summary: the Geo-Location Processor stops appending _geolocation when the City database is updated/replaced.

Expected Behavior

Graylog continues appending _geolocation after a new City database is downloaded, using the updated GeoIP database values, without restarting graylog-server.

Current Behavior

After a new City database is downloaded, matching _geolocation fields are no longer added to IP address fields, until graylog-server is restarted.

Steps to Reproduce

The free GeoIP databases are updated once the first Tuesday of each month. Run the following to check for updates and replace the current mmdb when an update is available.

cd /usr/share/GeoIP # or other plugin-configured db location wget -q -t1 --timestamping http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz test GeoLite2-City.mmdb.gz -nt GeoLite2-City.mmdb && gunzip -c GeoLite2-City.mmdb.gz > GeoLite2-City.mmdb

When a new gz is downloaded, and the mmdb file has been overwritten by the update, check incoming log entries to see if _geolocation is still present on IP fields.

Your Environment

• Graylog Version: 2.1.2. (I've just upgraded to 2.2.1 and will re-verify next month, but wanted to submit this before I forgot, and I don't see anything in the recent release notes to suggest this was fixed.)
• Elasticsearch Version: elasticsearch-2.4.1-1.noarch
• MongoDB Version: mongodb-2.4.14-4.el6.x86_64
• Operating System: RHEL 6

[joschi]

This issue was moved to Graylog2/graylog-plugin-map-widget#35

[h0tw1r3]

@joschi can this issue be re-opened now that the plugin has been merged into server?

[joschi]

@h0tw1r3 We're tracking existing issues in the respective repositories of the plugins.

If you want to create new issues for a plugin which has been merged into Graylog, please open them in this repository.