I’m pulling in logs from an OPNSense FW. Two of the ingested fields are src_ip and dst_ip. As the GeoIP pipeline that came pre-installed didn’t seem to work, I removed them and started from scratch, following, to the letter and multiple times, the steps here: https://www.graylog.org/post/how-to-set-up-graylog-geoip-configuration.
I’ve got a fair amount of experience building and running ELK stacks, so I may have come into this thinking it would be easier to get things like GeoIP running, but I’m obviously missing something. The database is accessible and lives in /etc/graylog/server; everything else is set up exactly as the walkthrough linked above tells me to.
Nothing is being shown in /var/log/graylog-server/server.log that would suggest any issues.
Can anyone point out the part that may have been missed out from the steps above?