AnsweredAssumed Answered

Geo IP enhancement for custom IPv4 meta keys

Question asked by Michael Pochan on Feb 16, 2017
Latest reply on Feb 21, 2017 by Michael Pochan

We've added a couple of custom meta keys for storing IPv4 addresses aside from ip.src/dst, orig_ip, and alias.ip. We were looking for a way to initiate a MaxMind geo IP lookup for each value as it's registered by our lua parsers and store the result in a custom country code meta key (country.client, country.x-forwarded-for, country.x-originating, etc...) similar to how ip.src/dst have their geo information stored in the country.src and country.dst meta keys. 

 

Is there a way to do this with lua parsers? We've created the country.* meta keys to store the country values but aren't sure how to have the decoders perform a lookup. I know we can do it with ESA, but we'd like to perform the lookup on every IPv4 value as it comes in. Any feedback would be greatly appreciated. 

Outcomes