I double checked the message processing setting and it is in the correct order.
After enabling DEBUG for the GeoIP plugin I noticed that I don't see any log entries for the IP addresses that are stored within my extracted fields. I only see logs related to IPs from the fields "source" and "gl2_remote_ip". Since I have a four node Graylog cluster I wonder if it is possible that the setting has been only applied to the node that I use for the UI and not the one receiving the logs. Do you know how the setting is stored? On a per node basis or cluster-wide? How can I make sure that all nodes have the correct message processing? Bye, Jan Am Dienstag, 30. August 2016 11:15:01 UTC+2 schrieb Jochen Schalanda: > > Hi Jan, > > from your description and the order of message processors you've described > (please check again according to > http://docs.graylog.org/en/2.0/pages/geolocation.html#configure-the-message-processor) > > it should work. > > You can set the logger org.graylog.plugins.map.geoip to DEBUG for more > information what's happening inside the GeoIP resolver (see > /system/loggers in the Graylog REST API or the log4j2.xml configuration > file). > > Also keep in mind that 192.168.100.95 is an IP address from a private IP > range (see RFC 1918) and will naturally not yield any geo location > information. > > > Cheers, > Jochen > > On Tuesday, 30 August 2016 10:39:59 UTC+2, Jan wrote: >> >> >> <https://lh3.googleusercontent.com/-b7WxBzSMmp8/V8VGUMKkHaI/AAAAAAAAOUo/mmdeyzdXOD0iGKhACS4kdpInPVo4kk3FQCLcB/s1600/IP_extracted.png> >> >> Not sure... I thought I posted some examples. So here is a screenshot: >> >> >> >> >> >> Am Dienstag, 30. August 2016 10:16:01 UTC+2 schrieb Jochen Schalanda: >>> >>> Hi Jan, >>> >>> On Tuesday, 30 August 2016 10:03:24 UTC+2, Jan wrote: >>>> >>>> An Example message can look like this […] >>>> >>> >>> Okay, and how does it look like after you've extracted those IP >>> addresses? >>> >>> >>> Cheers, >>> Jochen >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/05ec0e27-1b18-4619-a08d-05236c364ba3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
