elasticsearch icon indicating copy to clipboard operation
elasticsearch copied to clipboard

Published 20 hours ago verified publisher icon elastic

Add support for the 'ISP' database to the geoip processor

Open masseyke opened this issue 9 months ago • 4 comments

Follow on to https://github.com/elastic/elasticsearch/pull/107287, https://github.com/elastic/elasticsearch/pull/107377, and https://github.com/elastic/elasticsearch/pull/108639

Adds support for the 'GeoIP2 ISP' database from MaxMind to the geoip processor.

The geoip processor will automatically download the various 'GeoLite2' databases, but the 'GeoIP2 ISP' database is not a 'GeoLite2' database -- it's a commercial database available to those with a suitable license from MaxMind.

The support that is being added for it in this PR is in line with the support that we already have for MaxMind's 'GeoIP2 City' and 'GeoIP2 Country' databases -- that is, one would need to arrange their own download management via some custom endpoint or otherwise arrange for the relevant file(s) to be in the $ES_CONFIG/ingest-geoip directory on the nodes of the cluster.

masseyke avatar May 14 '24 22:05 masseyke

Documentation preview:

github-actions[bot] avatar May 14 '24 22:05 github-actions[bot]

Pinging @elastic/es-data-management (Team:Data Management)

elasticsearchmachine avatar May 14 '24 22:05 elasticsearchmachine

Hi @masseyke, I've created a changelog YAML for you.

elasticsearchmachine avatar May 14 '24 22:05 elasticsearchmachine

Hi @masseyke, I've updated the changelog YAML for you. Note that since this PR is labelled release highlight, you need to update the changelog YAML to fill out the extended information sections.

elasticsearchmachine avatar May 14 '24 22:05 elasticsearchmachine

Related to https://github.com/elastic/elasticsearch/issues/101080

joegallo avatar May 17 '24 14:05 joegallo