In Graylog 2.2x with the geo-ip mapping plugin, it SEEMED like ANY field containing an IPv4 address would get enriched with geo-ip data.
It SEEMS like 3.3x’s documentation is saying you have to manually build a pipeline and know the field names ahead of time. With lots of data sources coming in, I am rarely going to be able to know for sure they will all be named like src_ip, source_ip, ip_source, or ip.
Is there a way to build the pipeline the old way?
Rather than:
Something like:
… which requires
Does this make sense?