Ingest Geoip Processor Plugin

The GeoIP processor adds information about the geographical location of IP addresses, based on data from the Maxmind databases. This processor adds this information by default under the geoip field. The geoip processor can resolve both IPv4 and IPv6 addresses.

The ingest-geoip plugin ships by default with the GeoLite2 City, GeoLite2 Country and GeoLite2 ASN geoip2 databases from Maxmind made available under the CCA-ShareAlike 4.0 license. For more details see, http://dev.maxmind.com/geoip/geoip2/geolite2/

The GeoIP processor can run with other geoip2 databases from Maxmind. The files must be copied into the geoip config directory, and the database_file option should be used to specify the filename of the custom database. Custom database files must be stored uncompressed. The geoip config directory is located at $ES_HOME/config/ingest-geoip and holds the shipped databases too.

This plugin can be installed using the plugin manager:

sudo bin/elasticsearch-plugin install ingest-geoip

The plugin must be installed on every node in the cluster, and each node must be restarted after installation.

This plugin can be downloaded for offline install from https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-geoip/ingest-geoip-6.5.4.zip.

The plugin can be removed with the following command:

sudo bin/elasticsearch-plugin remove ingest-geoip

The node must be stopped before removing the plugin.