Raynu
1
Description of your problem
I have setup geolocation processor but unable to see any location information.
Description of steps you’ve taken to attempt to solve the issue
Here is my pipeline rule:
rule “GeoIP lookup: destination-address”
when
has_field(“destination-address”)
then
let geo = lookup(“geoip”, to_string($message.“destination-address”));
set_field(“destination-address_geo_location”, geo[“coordinates”]);
set_field(“destination-address_geo_country”, geo[“country”].iso_code);
set_field(“destination-address_geo_city”, geo[“city”].names.en);
end
My looksup table looks like this:
Environmental information
Graylog 4.0
Operating system information
Ubuntu
- Containers (e.g., Docker, Kubernetes, etc.)
shoothub
(Shoothub)
2
Check if your lookup table return correct info for internet IP. Don’t forget that you can you geoip only for internet ip address, not LAN.
1 Like
gsmith
(GSmith)
3
@Raynu
Adding on to @shoothub suggestion. Maybe try adjusting the order of you Message Processors Configureation.
This is located under “System/Configuration”.
1 Like
Raynu
4
Thank you for your reply. I didn’t realise GeoIp works only for internet IP addresses.
All sorted.
Raynu
5
Wonderful, Thanks. It workked.
system
(system)
Closed
7
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.