I double checked the message processing setting and it is in the correct order.
After enabling DEBUG for the GeoIP plugin I noticed that I don't see any log entries for the IP addresses that are stored within my extracted fields. I only see logs related to IPs from the fields "source" and "gl2_remote_ip". Since I have a four node Graylog cluster I wonder if it is possible that the setting has been only applied to the node that I use for the UI and not the one receiving the logs. Do you know how the setting is stored? On a per node basis or cluster-wide? How can I make sure that all nodes have the correct message processing? Bye, Jan Am Dienstag, 30. August 2016 11:15:01 UTC+2 schrieb Jochen Schalanda: > > Hi Jan, > > from your description and the order of message processors you've described > (please check again according to > http://docs.graylog.org/en/2.0/pages/geolocation.html#configure-the-message-processor) > > it should work. > > You can set the logger org.graylog.plugins.map.geoip to DEBUG for more > information what's happening inside the GeoIP resolver (see > /system/loggers in the Graylog REST API or the log4j2.xml configuration > file). > > Also keep in mind that 192.168.100.95 is an IP address from a private IP > range (see RFC 1918) and will naturally not yield any geo location > information. > > > Cheers, > Jochen > > On Tuesday, 30 August 2016 10:39:59 UTC+2, Jan wrote: >> >> >> <https://lh3.googleusercontent.com/-b7WxBzSMmp8/V8VGUMKkHaI/AAAAAAAAOUo/mmdeyzdXOD0iGKhACS4kdpInPVo4kk3FQCLcB/s1600/IP_extracted.png> >> >> Not sure... I thought I posted some examples. So here is a screenshot: >> >> >> >> >> >> Am Dienstag, 30. August 2016 10:16:01 UTC+2 schrieb Jochen Schalanda: >>> >>> Hi Jan, >>> >>> On Tuesday, 30 August 2016 10:03:24 UTC+2, Jan wrote: >>>> >>>> An Example message can look like this […] >>>> >>> >>> Okay, and how does it look like after you've extracted those IP >>> addresses? >>> >>> >>> Cheers, >>> Jochen >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/05ec0e27-1b18-4619-a08d-05236c364ba3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
