What stumps me more, is I have just added another host, in the Eventlog it has a Destination Address IP, this is being updated and a _geolocation field added. Any idea why it would work on *some* fields and not others?
On Friday, November 4, 2016 at 8:55:03 AM UTC+13, Werner van der Merwe wrote: > > Slightly stumped, followed the doco and some threads online of others > struggling. > > Here's what I've done so far: > Download the MaxMind binary from > https://dev.maxmind.com/geoip/geoip2/geolite2/ > > In the "Message Processors Configuration", ensure GeoIP resolver is the > last step. > > Under Plugins, Geo-Location Processor, select update, enable, and set path > to db file. > > Made sure file is readable. > > The logs reflect the change and that it can find the file: > [GeoIpProcessor] Updating GeoIP resolver engine - > GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, > dbPath=/etc/graylog/GeoLite2-City.mmdb} > > This is on a column with only an IP address. Went shotgun approach and > added an extractor using GROK pattern %{IP} anyway. It added IP and IPV4 > fields to those records. > Still no *_geolocation fields. > > This is where I ran out of ideas.... > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9f8d2382-4b3c-4448-b63a-f32c603fe157%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
