Slightly stumped, followed the doco and some threads online of others struggling.
Here's what I've done so far: Download the MaxMind binary from https://dev.maxmind.com/geoip/geoip2/geolite2/ In the "Message Processors Configuration", ensure GeoIP resolver is the last step. Under Plugins, Geo-Location Processor, select update, enable, and set path to db file. Made sure file is readable. The logs reflect the change and that it can find the file: [GeoIpProcessor] Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/etc/graylog/GeoLite2-City.mmdb} This is on a column with only an IP address. Went shotgun approach and added an extractor using GROK pattern %{IP} anyway. It added IP and IPV4 fields to those records. Still no *_geolocation fields. This is where I ran out of ideas.... -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/735bcfcf-1cbf-45ee-8086-e8e8a910a206%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
