Skip to content

gallis-local/elasticsearch-private-geoip-enrich

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

.github/workflows

.github/workflows

 
 

resources

resources

 
 

.gitattributes

.gitattributes

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

elasticsearch-private-geoip.py

elasticsearch-private-geoip.py

 
 

locations.json

locations.json

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

Elasticsearch Private GeoIP Enrichment

Generates IP range docs for Private GeoIP Encrichment Policy

Note - Known to be slow as sends doc per ip address, ensures unique ID per document

Docker Image CI

Usage

Edit lists in locations.json and build/run

Locations city_name must match Networks name

Elasticsearch Integration

Create a new ingest pipeline and apply Enrichment Policy that has been created Example resources/geoip-info-pipeline.txt

Use API Query to check if Enrich Event is occuring

GET /_enrich/_stats

Environment Variables

Key Value
ELASTIC_USER elastic
ELASTIC_PASS <password>
ELASTIC_HOST <elasticsearch_host>
ELASTIC_PROTO https,http
ELASTIC_INDEX private_geoips
ELASTIC_SSL_VERIFY True,False
ELASTIC_SSL True,False
CONFIG_FILE locations.json
CREATE_ENRICHMENT_POLICY True, False
CREATE_INDEX True, False

Reference

Elasticsearch Blog Post

Contact

@egallis31

About

Elasticsearch Private GeoIP Enrichment Generator

Topics

elasticsearch enrichment geoip

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Languages