How to solve Elasticsearch Geoip processor failures
--
What is geoip processor?
In short, it is an ingest processor that translates IP addresses into geo-location data. Take an example: you have the IP address “8.8.8.8”, which should be resolved as the following:
The geo-location data is useful when you need a longitude-latitude pair for chart plotting (the Kibana Map visualization), or simply want to know where a request originates from (e.g. the United States in this example).
A weird exception
In most cases the Elasticsearch distribution has the supporting GeoLite2 database files available. However, sometimes you might find that your distribution fails to load those files. The exception reads like this: “_geoip_database_unavailable_GeoLite2-City.mmdb”. Clearly one of the GeoLite2 database files is missing.
To further verify whether the GeoLite2 files are available, run the following:
If you encounter an exception with “_geoip_database_unavailable_GeoLite2-City.mmdb”, congratulations… you are the lucky one.
Solution
Run the following test and check whether the database files are there or not:
If you see the results showing an empty node… then the expected files are probably not available for some reason.
Next, run the following to enable Elasticsearch to download and manage the database files again:
Hooray~ We just did it~ For more information do read the following:
https://www.elastic.co/guide/en/elasticsearch/reference/8.4/geoip-stats-api.html
Housekeeping
You might want to reset the cluster settings back to their original values after using the geoip processor. The reason is to avoid leaving outbound internet access open.
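The whole procedure above (check the geoip stats for an empty node, confirm the “_geoip_database_unavailable_GeoLite2-City.mmdb” tag with a pipeline simulation, enable the downloader, then reset the setting during housekeeping) as an added, offline example that is not part of the original post. The endpoint names and the `ingest.geoip.downloader.enabled` cluster setting are real Elasticsearch APIs; the response documents below are constructed for illustration and are not output captured from a cluster, and the helpers only build request bodies and interpret responses, so you would pair them with curl or the Elasticsearch Python client against your own cluster.

```python
"""Offline helpers for diagnosing the "_geoip_database_unavailable_*"
condition. Sample responses are constructed; nothing here talks to a cluster.
"""
import json
from typing import Optional

# Real endpoints referenced by the post (documented in the Elasticsearch reference).
GEOIP_STATS_ENDPOINT = "GET /_ingest/geoip/stats"
SIMULATE_ENDPOINT = "POST /_ingest/pipeline/_simulate"
SETTINGS_ENDPOINT = "PUT /_cluster/settings"
DOWNLOADER_SETTING = "ingest.geoip.downloader.enabled"

# Constructed: a healthy stats response, one node with all three databases loaded.
STATS_HEALTHY = {
    "stats": {"successful_downloads": 1, "failed_downloads": 0,
              "total_download_time": 2300, "databases_count": 3, "skipped_updates": 0},
    "nodes": {
        "node-A": {
            "databases": [{"name": "GeoLite2-City.mmdb"},
                          {"name": "GeoLite2-Country.mmdb"},
                          {"name": "GeoLite2-ASN.mmdb"}],
            "files_in_temp": [],
        }
    },
}

# Constructed: the "empty node" response the post describes (nothing downloaded yet).
STATS_EMPTY = {
    "stats": {"successful_downloads": 0, "failed_downloads": 0,
              "total_download_time": 0, "databases_count": 0, "skipped_updates": 0},
    "nodes": {},
}

# Constructed: simulate output when the City database is unavailable; the processor
# leaves the document untouched and attaches the tag instead of a geoip field.
SIMULATE_FAILED = {
    "docs": [{"doc": {"_index": "_index", "_id": "_id",
                      "_source": {"client_ip": "8.8.8.8",
                                  "tags": ["_geoip_database_unavailable_GeoLite2-City.mmdb"]}}}]
}


def simulate_geoip_body(ip: str, field: str = "client_ip") -> dict:
    """Body for POST /_ingest/pipeline/_simulate: one geoip processor over one
    document, so the database problem surfaces without writing to an index."""
    return {
        "pipeline": {"processors": [{"geoip": {"field": field}}]},
        "docs": [{"_source": {field: ip}}],
    }


def database_unavailable_tags(simulate_response: dict) -> list:
    """Every '_geoip_database_unavailable_*' tag the simulate call attached to
    its output documents. An empty list means the processor found its databases."""
    found = []
    for entry in simulate_response.get("docs", []):
        source = entry.get("doc", {}).get("_source", {})
        for tag in source.get("tags", []):
            if tag.startswith("_geoip_database_unavailable_"):
                found.append(tag)
    return found


def nodes_missing_database(stats: dict, name: str = "GeoLite2-City.mmdb") -> list:
    """Node ids from GET /_ingest/geoip/stats that do not hold `name`.
    An empty 'nodes' object is the post's "empty node" symptom and is reported
    with a single placeholder entry so callers can still branch on it."""
    nodes = stats.get("nodes", {})
    if not nodes:
        return ["<no nodes reported>"]
    missing = []
    for node_id, info in nodes.items():
        loaded = {db.get("name") for db in info.get("databases", [])}
        if name not in loaded:
            missing.append(node_id)
    return missing


def downloader_settings_body(enabled: Optional[bool]) -> dict:
    """Body for PUT /_cluster/settings. True turns the downloader on, False turns
    it off, None removes the persistent override so the cluster falls back to its
    default (the housekeeping step)."""
    return {"persistent": {DOWNLOADER_SETTING: enabled}}


def main() -> None:
    # Walk through the post's procedure with the constructed responses.
    print(GEOIP_STATS_ENDPOINT, "->", nodes_missing_database(STATS_EMPTY))
    print(SIMULATE_ENDPOINT, json.dumps(simulate_geoip_body("8.8.8.8")))
    print("tags:", database_unavailable_tags(SIMULATE_FAILED))
    if nodes_missing_database(STATS_EMPTY):
        print(SETTINGS_ENDPOINT, json.dumps(downloader_settings_body(True)))
    # Housekeeping: drop the override once the databases are in place.
    print(SETTINGS_ENDPOINT, json.dumps(downloader_settings_body(None)))


if __name__ == "__main__":
    main()
```

Passing `None` in the settings body sends a JSON `null`, which is how the cluster settings API removes a persistent override; that is the reset the Housekeeping section asks for, rather than hard-coding `false`.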