[
https://issues.apache.org/jira/browse/METRON-680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15848380#comment-15848380
]
ASF GitHub Bot commented on METRON-680:
---------------------------------------
Github user justinleet closed the pull request at:
https://github.com/apache/incubator-metron/pull/431
> GeoLiteDatabase incorrectly using country geoname_id instead of city
> --------------------------------------------------------------------
>
> Key: METRON-680
> URL: https://issues.apache.org/jira/browse/METRON-680
> Project: Metron
> Issue Type: Bug
> Reporter: Justin Leet
> Assignee: Justin Leet
> Priority: Minor
>
> Due to misunderstanding exactly how things tied together with the updated
> database, the wrong field is used for the locId. Instead of using the city's
> geoname_id, we are using the country's.
> This will effect Kibana dashboards and anything that depends on the locId,
> because it will be retrieved at the country level instead of the city level.
> The change will not break anything (anything not at the city level uses the
> country's code, e.g. if the IP is for Japan in general, the city code is
> 1861060, not empty or null). This example from the plaintext database can be
> seen in the second and third fields at:
> bq. 1.112.0.0/15,1861060,1861060,,0,0,,35.6900,139.6900,500
> The offending code is in `GeoLiteDatabase.java` and should be
> `geoInfo.put("locID", convertNullToEmptyString(country.getGeoNameId()));`
> This should be updated to grab the city's geoname, and tests should be
> updated to reflect this (they didn't catch this error because of the
> misunderstood data change, not an error in coding).
> Ideally, this field is renamed and better documented as part of METRON-679
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
