Geo Location Data without Logstash

We are using OpenDistro ELK. Is it possible to get geo data without using Logstash? Any ideas?

We are using an application that sends data to Elasticsearch directly, so that is the reason we are not getting any geo data in Elasticsearch. I am trying to find a way to achieve that.

Is there any script we can create to update the geo data after the application data has been sent, or not?

You don’t need Logstash for geo data. You need to make sure your data is being sent as

"geopoint_field_name": {  "lon": ..., "lat": ... }

Hello Sir,

Thank you for the reply.

Actually, we have only the original IP (customer IP, http_forwarded_for); these details are in the message. How can we get geo information without parsing through Logstash?
The data is normally stored with the original IP, but we are not getting geo info if we send directly from the app to Elasticsearch. We need help with this.

You should be able to use an Ingest Pipeline and the geoip processor. The equivalent Elasticsearch docs are HERE. This should be possible on OpenSearch as well, but you will likely need to download the Maxmind GeoLite2-City DB yourself.

1 Like
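The ingest-pipeline approach from the last reply, written out as an added example (not part of any post in this thread): it creates a `geoip` pipeline, maps the result as a `geo_point`, makes the pipeline the index default so direct writes from the application are enriched, and backfills existing documents with `_update_by_query`. The index `app-logs`, field `client_ip`, pipeline `geoip-enrich`, and the `RUN` and `CURL_OPTS` variables are assumptions, and it presumes the geoip processor and its database are available on your cluster.

```shell
#!/bin/sh
# Added example. Hypothetical names: index "app-logs", IP field "client_ip",
# pipeline "geoip-enrich". The cluster is only contacted when RUN=1 is set.
ES_URL="${ES_URL:-http://localhost:9200}"
INDEX="${INDEX:-app-logs}"
IP_FIELD="${IP_FIELD:-client_ip}"
PIPELINE="${PIPELINE:-geoip-enrich}"

# Pipeline: look up $IP_FIELD and write the result under "geoip".
# on_failure records a bad IP in "geoip_error" instead of rejecting the document.
pipeline_body() {
cat <<EOF
{
  "description": "Add geo data from $IP_FIELD",
  "processors": [
    { "geoip": { "field": "$IP_FIELD", "target_field": "geoip", "ignore_missing": true,
        "on_failure": [
          { "set": { "field": "geoip_error", "value": "{{ _ingest.on_failure_message }}" } }
        ] } }
  ]
}
EOF
}

# Without this mapping, geoip.location is indexed as plain lat/lon numbers.
mapping_body() {
  printf '{"properties":{"geoip":{"properties":{"location":{"type":"geo_point"}}}}}\n'
}

# Backfill only documents that have an IP but no geo data yet.
backfill_query() {
  printf '{"query":{"bool":{"filter":[{"exists":{"field":"%s"}}],"must_not":[{"exists":{"field":"geoip.location"}}]}}}\n' "$IP_FIELD"
}

# es METHOD PATH BODY; put auth/TLS flags in CURL_OPTS (hypothetical variable).
es() {
  curl -sS --fail ${CURL_OPTS:-} -X "$1" "$ES_URL/$2" -H 'Content-Type: application/json' -d "$3"
}

apply_geoip() {
  es PUT "_ingest/pipeline/$PIPELINE" "$(pipeline_body)" &&
  es PUT "$INDEX/_mapping" "$(mapping_body)" &&
  es PUT "$INDEX/_settings" "{\"index.default_pipeline\":\"$PIPELINE\"}" &&
  es POST "$INDEX/_update_by_query?pipeline=$PIPELINE&conflicts=proceed" "$(backfill_query)"
}

if [ "${RUN:-0}" = "1" ]; then apply_geoip; fi
```

The geoip processor expects a single IP address in the field; a value holding a comma-separated forwarded-for list ends up with `geoip_error` set rather than geo data, so reduce it to one address first.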