mirrors
/
elasticsearch
mirror of https://mirror.osredm.com/root/elasticsearch.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Document new ip geolocation fields (#116603)

This commit is contained in:
Joe Gallo 2024-11-11 11:13:56 -05:00 committed by GitHub
parent 2054357902
commit b517abcb07
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/changelog/114193.yaml Normal file
View File

@ -0,0 +1,5 @@
pr: 114193
summary: Add postal_code support to the City and Enterprise databases
area: Ingest Node
type: enhancement
issues: []

5
docs/changelog/114268.yaml Normal file
View File

@ -0,0 +1,5 @@
pr: 114268
summary: Support more maxmind fields in the geoip processor
area: Ingest Node
type: enhancement
issues: []

5
docs/changelog/114521.yaml Normal file
View File

@ -0,0 +1,5 @@
pr: 114521
summary: Add support for registered country fields for maxmind geoip databases
area: Ingest Node
type: enhancement
issues: []

16
docs/reference/ingest/processors/geoip.asciidoc
View File

@ -51,10 +51,12 @@ field instead.
*Depends on what is available in `database_file`:
* If a GeoLite2 City or GeoIP2 City database is used, then the following fields may be added under the `target_field`: `ip`,
`country_iso_code`, `country_name`, `continent_code`, `continent_name`, `region_iso_code`, `region_name`, `city_name`, `timezone`,
and `location`. The fields actually added depend on what has been found and which properties were configured in `properties`.
`country_iso_code`, `country_name`, `country_in_european_union`, `registered_country_iso_code`, `registered_country_name`, `registered_country_in_european_union`,
`continent_code`, `continent_name`, `region_iso_code`, `region_name`, `city_name`, `postal_code`, `timezone`,
`location`, and `accuracy_radius`. The fields actually added depend on what has been found and which properties were configured in `properties`.
* If a GeoLite2 Country or GeoIP2 Country database is used, then the following fields may be added under the `target_field`: `ip`,
`country_iso_code`, `country_name`, `continent_code`, and `continent_name`. The fields actually added depend on what has been found
`country_iso_code`, `country_name`, `country_in_european_union`, `registered_country_iso_code`, `registered_country_name`, `registered_country_in_european_union`,
`continent_code`, and `continent_name`. The fields actually added depend on what has been found
and which properties were configured in `properties`.
* If the GeoLite2 ASN database is used, then the following fields may be added under the `target_field`: `ip`,
`asn`, `organization_name` and `network`. The fields actually added depend on what has been found and which properties were configured
@ -70,10 +72,12 @@ The fields actually added depend on what has been found and which properties wer
`organization_name`, `network`, `isp`, `isp_organization_name`, `mobile_country_code`, and `mobile_network_code`. The fields actually added
depend on what has been found and which properties were configured in `properties`.
* If the GeoIP2 Enterprise database is used, then the following fields may be added under the `target_field`: `ip`,
`country_iso_code`, `country_name`, `continent_code`, `continent_name`, `region_iso_code`, `region_name`, `city_name`, `timezone`,
`location`, `asn`, `organization_name`, `network`, `hosting_provider`, `tor_exit_node`, `anonymous_vpn`, `anonymous`, `public_proxy`,
`country_iso_code`, `country_name`, `country_in_european_union`, `registered_country_iso_code`, `registered_country_name`, `registered_country_in_european_union`,
`continent_code`, `continent_name`, `region_iso_code`, `region_name`, `city_name`, `postal_code`, `timezone`,
`location`, `accuracy_radius`, `country_confidence`, `city_confidence`, `postal_confidence`, `asn`, `organization_name`, `network`,
`hosting_provider`, `tor_exit_node`, `anonymous_vpn`, `anonymous`, `public_proxy`,
`residential_proxy`, `domain`, `isp`, `isp_organization_name`, `mobile_country_code`, `mobile_network_code`, `user_type`, and
`connection_type`. The fields actually added depend on what has been found and which properties were configured in `properties`.
`connection_type`. The fields actually added depend on what has been found and which properties were configured in `properties`.
preview::["Do not use the GeoIP2 Anonymous IP, GeoIP2 Connection Type, GeoIP2 Domain, GeoIP2 ISP, and GeoIP2 Enterprise databases in production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]