Invalid attempt to open a GeoIP2-Country database using the city method

[deamen]

I am getting the "Invalid attempt to open a GeoIP2-Country database using the city method" error message while using country database with logstash 5.1.2 and logstash-filter-geoip-4.0.3-java.

The filter configuration I am using:
geoip { add_tag => [ "GeoIP" ] database => "/opt/logstash/vendor/GeoCity/GeoIP2-Country.mmdb" source => "clientip" }

The database is opened without any issue, but once the logs come in, I get the following error messages and logstash stops working.

[2016-12-11T18:43:47,063][ERROR][logstash.filters.geoip   ] Unknown error while looking up GeoIP data {:exception=>java.lang.UnsupportedOperationException: Invalid attempt to open a GeoIP2-Country database using the city method, :field=>"clientip", :event=>2016-12-09T17:30:00.000Z 192.168.99.10 192.168.17.9 - - [10/Dec/2016:04:30:00 +1100] "GET /Javascript/TOL_Javascript.js HTTP/1.1" 200 7036 "-" "libwww-perl/6.02" "-" (user.toltest.om.net -> 192.168.17.31:80) 0.001 0.001 }
[2016-12-11T18:43:47,066][ERROR][logstash.pipeline        ] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash. {"exception"=>java.lang.UnsupportedOperationException: Invalid attempt to open a GeoIP2-Country database using the city method, "backtrace"=>["com.maxmind.geoip2.DatabaseReader.get(com/maxmind/geoip2/DatabaseReader.java:150)", "com.maxmind.geoip2.DatabaseReader.city(com/maxmind/geoip2/DatabaseReader.java:217)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "RUBY.filter(/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-4.0.3-java/lib/logstash/filters/geoip.rb:160)", "RUBY.multi_filter(/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:156)", "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1613)", "RUBY.multi_filter(/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:153)", "RUBY.multi_filter(/usr/share/logstash/logstash-core/lib/logstash/filter_delegator.rb:41)", "RUBY.initialize((eval):9001)", "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1613)", "RUBY.initialize((eval):8995)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:281)", "RUBY.filter_func((eval):1794)", "RUBY.filter_batch(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:260)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:281)", "RUBY.each(/usr/share/logstash/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:186)", "org.jruby.RubyHash.each(org/jruby/RubyHash.java:1342)", "RUBY.each(/usr/share/logstash/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:185)", "RUBY.filter_batch(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:258)", "RUBY.worker_loop(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:246)", "RUBY.start_workers(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:225)", "java.lang.Thread.run(java/lang/Thread.java:745)"]}

Looking into the code, the codes(which set geoip_type accordingly) to detect which database edition is in use was removed in commit a0ef0d3

[pemontto]

👍

[VersBinarii]

+1

[volter]

It's worth saying that the documentation tells you that only ASN and country are supported: https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html