[ https://issues.apache.org/jira/browse/METRON-680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15849969#comment-15849969 ]

ASF GitHub Bot commented on METRON-680:
---------------------------------------

Github user justinleet commented on the issue:

    https://github.com/apache/incubator-metron/pull/433
  
    @cestella We definitely could. 
[METRON-679](https://issues.apache.org/jira/browse/METRON-679) has the details 
about all the other fields we could be passing, including the current country 
geoname id being passed.  If we want to start passing additional fields, I'd 
rather just do it as part of that ticket.
    
    For this, we could also just change the box to do a unique count of one of 
the other existing fields, and just ignore locId entirely.  To the best of my 
knowledge it only gets used in that one Kibana visualization.  Depending on how 
granular we want the box to be (at least by default), we could always make it a 
unique count on city or a unique count on location_point (or whatever the 
actual field for lat,long is).


> GeoLiteDatabase incorrectly using country geoname_id instead of city
> --------------------------------------------------------------------
>
>                 Key: METRON-680
>                 URL: https://issues.apache.org/jira/browse/METRON-680
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Justin Leet
>            Assignee: Justin Leet
>            Priority: Minor
>
> Due to misunderstanding exactly how things tied together with the updated 
> database, the wrong field is used for the locId.  Instead of using the city's 
> geoname_id, we are using the country's.
> This will affect Kibana dashboards and anything that depends on the locId, 
> because it will be retrieved at the country level instead of the city level.  
> The change will not break anything (anything not at the city level uses the 
> country's code, e.g. if the IP is for Japan in general, the city code is 
> 1861060, not empty or null).  This example from the plaintext database can be 
> seen in the second and third fields at:
> bq. 1.112.0.0/15,1861060,1861060,,0,0,,35.6900,139.6900,500
> The offending code is in `GeoLiteDatabase.java` and should be 
> `geoInfo.put("locID", convertNullToEmptyString(country.getGeoNameId()));`
> This should be updated to grab the city's geoname, and tests should be 
> updated to reflect this (they didn't catch this error because of the 
> misunderstood data change, not an error in coding).
> Ideally, this field is renamed and better documented as part of METRON-679



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
