About GeoIP processor

[pietrogu]

Hi,

i would like to ask some clarification about GeoIP processor. In particular, is there some update mechanism for the database? If not, how would it be possible to update (maybe using scripts)? Did someone already tried to do this?

Thank you

Pietro

[dblock]

I think we need to dig deeper into what we've inherited wrt the geoip processor (https://github.com/opensearch-project/OpenSearch/tree/main/modules/ingest-geoip and friends). I also found https://discuss.opendistrocommunity.dev/t/logstash-geoip-filter-no-longer-oss/5225 that seems related.

@pietrogu What were you able to get working in OpenSearch wrt geoip processor?

[pietrogu]

Yes it seems to work in OpenSearch: if I implement geoip in a pipeline most of the time the localization is provided, but in my understanding it is not possible for now to update the database over time: the only way should be to shutdown the cluster first (and in a production environment is not a good solution due to downtime)

[CEHENKLE]

@opensearch-project/geospatial Hey folks - I chatted with @nknize about this, and we didn't pick up geoip work when we forked. It seems like something that the folks on this repo could dig into.

Thanks, /C

[navneet1v]

This seems to be a feature request. Please do +1 if you need this feature to be priortized.

[sempervictus]

GeoIP resolution is a rather critical element in security-relevant pipelines such as that used by Wazuh and various network monitoring solutions (flow analysis and such). Would very much aid in easing migration from pre-licensing-nonsense ES.

[heemin32]

We started working on this feature. https://github.com/opensearch-project/OpenSearch/issues/5856

[heemin32]

New IP2Geo processor is launched. https://opensearch.org/docs/latest/api-reference/ingest-apis/processors/ip2geo/ Closing the issue now.

[sempervictus]

Thank you