Hi list,
I want to enrich AWS Cloudtrail events with an extra field "is_us"
("yes" or "no") which shows whether the source ip address in my events
is from our network or not.
I created the file my_subnets.csv with the following content:
1.2.3.0/24;AS1230;Company1
1.2.4.0/24;AS1240;Company2
My expectation is that /apps/metron/geo is empty (or at least has no files
in subdirs), can you verify this?
Assuming it is empty, you should be able to place the file (
http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz)
into HDFS at
