Thanks for the reply. But even if I remove “_geolocation” it still does not
work.
for example:
%{IP:src_mapped_ip}
Or are you saying that I should have a field named “ip_geolocation”? I dont
have one.
I also have another tag named “asa_src_ip” and the same pop error is given.
I am making sure that I see internet IP addresses only.
Is there a debug option? If so how do I enable it?
Also verified that the graylog user can read the geolite file
# ls -l /usr/share/GeoIP/GeoLiteCity.dat
-rw-r--r--. 1 root root 17765572 Oct 15 16:02 /usr/share/GeoIP/GeoLiteCity.dat
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/e5d4084e-5729-4cff-9a49-cee38dd016cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
