Geolocation processor

I have setup geolocation processor but unable to see any location information.

Here is my pipeline rule:
rule “GeoIP lookup: destination-address”




let geo = lookup(“geoip”, to_string($message.“destination-address”));

set_field(“destination-address_geo_location”, geo[“coordinates”]);

set_field(“destination-address_geo_country”, geo[“country”].iso_code);

set_field(“destination-address_geo_city”, geo[“city”].names.en);


My looksup table looks like this:

Graylog 4.0

  • Containers (e.g., Docker, Kubernetes, etc.)

Check if your lookup table return correct info for internet IP. Don’t forget that you can you geoip only for internet ip address, not LAN.

Adding on to @shoothub suggestion. Maybe try adjusting the order of you Message Processors Configureation.

This is located under “System/Configuration”.

Thank you for your reply. I didn’t realise GeoIp works only for internet IP addresses.
All sorted.

Wonderful, Thanks. It workked.

Glad you solved it :slight_smile:

