geoip contry_code3 value is equal to contry_code2
ejectck opened this issue · 1 comments
ejectck commented
When doing lookup in Geoip2-City I see that returned values for country_code3 are invalid and equal to country_code2 value.
As I see now GeoIP2 database doesn't have country_code2/3 values, but just one iso_code field http://dev.maxmind.com/geoip/geoip2/javascript/
Version
/opt/logstash/bin/logstash --version
logstash 2.3.4
/opt/logstash/bin/logstash-plugin list --verbose logstash-filter-geoip
logstash-filter-geoip (3.0.1)
Operating System
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.5 (jessie)
Release: 8.5
Codename: jessie
Config File
geoip {
source => "client_ip"
target => "geoip"
database => "/etc/geoip/GeoIP2-City.mmdb"
}
Sample data - IP 193.29.204.7
"geoip" => {
"city_name" => "Kiev",
"continent_code" => "EU",
"country_code2" => "UA",
"country_code3" => "UA",
"country_name" => "Ukraine",
"dma_code" => nil,
"ip" => "193.29.204.7",
"latitude" => 50.4333,
"longitude" => 30.5167,
"postal_code" => nil,
"region_name" => "Kyiv City",
"region_code" => "30",
"timezone" => "Europe/Kiev",
"location" => [
[0] 30.5167,
[1] 50.4333
]
}
almico commented
I can confirm that "GeoLite2-City.mmdb" does not return 3 chars country codes.
In a Python script, I circumvented this by using the following import:
from iso3166 import countries as iso_countries
I think that the current implementation, that appears to be copying country_code2 to country_code3, should be fixed, either by removing country_code3 (not a great fix, but better than populating a field with the wrong data) or using an approach similar to the Python import above.