We’re running the GeoIP Resolver to get the additional fields XXX_country_code etc.
According to the docs, the GeoIP Resolver needs to be last in order to get those additional GeoIP fields. (I noted that if the GeoIP Resolver was first in the list, only the “source” field would get the additional GeoIP data)
Unfortunately, it doesn’t work to create a stream with filter based on the additional GeoIP fields, like:
- Field ssh_accepted_ip_country_code must not match regular expression DK
as the GeoIP Resolver seems to executed after the stream filtering is done.
Is there any fix/workaround to get that working?