Dashboard Kibana

GeoIP Plugin

It is necessary to upload the databases containing the information required to geolocate a public IP address.

Important: on the Elasticsearch machines, in addition to adding these databases, it will also be necessary to include 2 paths/settings inside the elasticsearch.yml file:

ingest.geoip.downloader.enabled : false
← Location database download/access (prevents Elasticsearch from downloading the databases from the Elastic website every 30 days). It was decided to set this to false because the website was not available. In order to keep the information accessible, Elasticsearch will instead use the databases stored locally on the machine to geolocate the IP addresses. These databases must be placed in the folder referenced by the endpoint specified in another setting within the same file.

ingest.geoip.downloader.endpoint : /usr/share/elasticsearch/modules/ingest-geoip/ ← Endpoint

For more information about the plugin: https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html

The information that can be obtained from an IP address when using this plugin is the following: