eris

- Elasticsearch Recon Ingestion Scripts (ERIS) 🔎

notes.md (2671B)

      1 # Create a GeoIP ingestion pipeline
      2 
      3 My notes for creating an ingestion pipeline for geoip usage in Kibana's maps
      4 
      5 ###### Create the ingestion pipeline
      6 ```
      7 PUT _ingest/pipeline/geoip
      8 {
      9   "description" : "Add geoip info",
     10   "processors" : [
     11     {
     12       "geoip" : {
     13         "field" : "ip",
     14         "ignore_missing": true
     15       }
     16     }
     17   ]
     18 }
     19 ```
     20 
     21 ###### Update an index
     22 ```
     23 PUT my_ip_locations
     24 {
     25   "mappings": {
     26     "properties": {
     27       "geoip": {
     28         "properties": {
     29           "location": { "type": "geo_point" }
     30         }
     31       }
     32     }
     33   }
     34 }
     35 ```
     36 
     37 or...
     38 
     39 ###### Create the index
     40 ```
     41 PUT /masscan-data
     42 {
     43   "settings": {
     44     "number_of_shards": 3,
     45     "number_of_replicas": 1
     46   },
     47  "mappings": {
     48     "properties": {
     49       "banner": {
     50         "type": "text",
     51         "fields": {
     52           "keyword": {
     53             "type": "keyword",
     54             "ignore_above": 256
     55           }
     56         }
     57       },
     58       "geoip": {
     59         "properties": {
     60           "city_name": {
     61             "type": "text",
     62             "fields": {
     63               "keyword": {
     64                 "type": "keyword",
     65                 "ignore_above": 256
     66               }
     67             }
     68           },
     69           "continent_name": {
     70             "type": "text",
     71             "fields": {
     72               "keyword": {
     73                 "type": "keyword",
     74                 "ignore_above": 256
     75               }
     76             }
     77           },
     78           "country_iso_code": {
     79             "type": "text",
     80             "fields": {
     81               "keyword": {
     82                 "type": "keyword",
     83                 "ignore_above": 256
     84               }
     85             }
     86           },
     87           "country_name": {
     88             "type": "text",
     89             "fields": {
     90               "keyword": {
     91                 "type": "keyword",
     92                 "ignore_above": 256
     93               }
     94             }
     95           },
     96           "location": {
     97             "type": "geo_point"
     98           },
     99           "region_iso_code": {
    100             "type": "text",
    101             "fields": {
    102               "keyword": {
    103                 "type": "keyword",
    104                 "ignore_above": 256
    105               }
    106             }
    107           },
    108           "region_name": {
    109             "type": "text",
    110             "fields": {
    111               "keyword": {
    112                 "type": "keyword",
    113                 "ignore_above": 256
    114               }
    115             }
    116           }
    117         }
    118       },
    119       "ip": {
    120         "type": "ip"
    121       },
    122       "port": {
    123         "type": "integer"
    124       },
    125       "proto": {
    126         "type": "keyword"
    127       },
    128       "ref_id": {
    129         "type": "keyword"
    130       },
    131       "seen": {
    132         "type": "date"
    133       },
    134       "service": {
    135         "type": "keyword"
    136       }
    137     }
    138   }
    139 }
    140 ```