Document how to enable GeoIP2 ASN/ISP lookups

Question

Document how to enable GeoIP2 ASN/ISP lookups

acchen97 opened this issue 7 years ago · 1 comments

With the recent addition of GeoIP2 ISP and ASN lookup support, we should include documentation on how to enable it esp since its been a hot request. We don't bundle these datasets OOTB, so they'll need to download/license and include it when running Logstash.

/cc @dedemorton @suyograo

Answer 1 · 2017-09-11T20:00:53.000Z

something like this for the LS config, filter section?

        # Add more geolocation data / ASN info
        if [SOURCE] {
                geoip {
                        source => "SOURCE"
                        database => "/etc/logstash/GeoLite2-City.mmdb"
                        add_tag => [ "GeoIP" ]
                }
                geoip {
                        source => "SOURCE"
                        database => "/etc/logstash/GeoLite2-ASN.mmdb"
                }
        }