Another interesting processor is the GeoIP one that allows us to map an IP address to a GeoPoint and other location data.
You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.
To execute curl via the command line, you need to install curl for your operative system.
To be able to use the ingest GeoIP processor, perform the following steps:
- You need to install it as a plugin via:
bin/elasticsearch-plugin install ingest-geoip
- The output will be something like the following one:
-> Downloading ingest-geoip from elastic [=================================================] 100%?? @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: plugin requires additional permissions @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ * java.lang.RuntimePermission accessDeclaredMembers See http://docs.oracle.com/javase/8/docs/technotes/guides/ security/permissions.html for descriptions of what these permissions allow and the associated risks. Continue with the installation? [y/n] y. -> Installed ingest-geoipYou must accept the security permissions to complete successfully the installation.
- After having installed a new plugin, your node must be restarted to be able to load it.
- Now you can create a pipeline ingest with the attachment processor:
curl -XPUT 'http://127.0.0.1:9200/_ingest/pipeline/geoip' -d '{ "description" : "Extract geopoint from an IP", "processors" : [ { "geoip" : { "field" : "ip" } } ], "version":1 }' - If everything is okay, you should receive the acknowledged:
{"acknowledged":true} - Now we can index a document via a pipeline:
curl -XPUT 'http://127.0.0.1:9200/my_index/my_type/my_id? pipeline=geoip' -d '{ "ip": "8.8.8.8" }' - And we can recall it:
curl -XGET 'http://127.0.0.1:9200/my_index/my_type/my_id? pretty' - The result will be as follows:
{ "_index" : "my_index", "_type" : "my_type", "_id" : "my_id", "_version" : 3, "found" : true, "_source" : { "geoip" : { "continent_name" : "North America", "city_name" : "Mountain View", "country_iso_code" : "US", "region_name" : "California", "location" : { "lon" : -122.0838, "lat" : 37.386 } }, "ip" : "8.8.8.8" } }
The GeoIP ingest processor is provided by a separate plugin that must be installed.
It uses data from the MaxMind databases to extract information about the geographical location of IP addresses. This processor adds this information by default under the geoip field. The GeoIP processor can resolve both IPv4 and IPv6 addresses.
After having installed it, it works like every other processor. The properties that control it are as follows:
field: This is the field that will contain the IP from which the geo data is extracted.target_field: This will hold thegeoipinformation (defaultgeoip).database_file: This is the database file that contains maps fromipto geolocations. The default one is installed during the plugin installation (defaultGeoLite2-City.mmdb).properties: The properties values depends on the database. You should refer to the database description to have details on the extracted fields (defaultall).
- The official documentation about the GeoIP processor plugin and how to use it with other GeoIP2 databases can be found at https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-geoip.html.