Geolocation processor

Description of your problem
I have setup geolocation processor but unable to see any location information.

Description of steps you’ve taken to attempt to solve the issue
Here is my pipeline rule:
rule “GeoIP lookup: destination-address”

when

has_field(“destination-address”)

then

let geo = lookup(“geoip”, to_string($message.“destination-address”));

set_field(“destination-address_geo_location”, geo[“coordinates”]);

set_field(“destination-address_geo_country”, geo[“country”].iso_code);

set_field(“destination-address_geo_city”, geo[“city”].names.en);

end

My looksup table looks like this:

Environmental information
Graylog 4.0

Operating system information
Ubuntu

  • Containers (e.g., Docker, Kubernetes, etc.)

Check if your lookup table return correct info for internet IP. Don’t forget that you can you geoip only for internet ip address, not LAN.

1 Like

@Raynu

Adding on to @shoothub suggestion. Maybe try adjusting the order of you Message Processors Configureation.

This is located under “System/Configuration”.

1 Like

Thank you for your reply. I didn’t realise GeoIp works only for internet IP addresses.
All sorted.

Wonderful, Thanks. It workked.

Glad you solved it :slight_smile:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.