[jira] (METRON-680) GeoLiteDatabase incorrectly using country geoname_id instead of city
Title: Message Title Justin Leet commented on METRON-680 Re: GeoLiteDatabase incorrectly using country geoname_id instead of city We actually use the field directly for the "Unique-Location(s)" visualization in Kibana. How we choose to populate the field changes the meaning of the count, which is where that question comes from. If we're fine counting only the city's geoname_id for that field, the switch to city is a one line change + test fix. The swapped data is in the same format as the current data, so the change to city is something I could have a PR for very quickly. Add Comment This message was sent by Atlassian JIRA (v6.3.15#6346-sha1:dbc023d)
[jira] (METRON-680) GeoLiteDatabase incorrectly using country geoname_id instead of city
Title: Message Title James Sirota commented on METRON-680 Re: GeoLiteDatabase incorrectly using country geoname_id instead of city The kibana dashboards feed off the lat/lon coordinates. This field is used primarily for log correlation. We include the locID for convenience, but it's not a hard requirement to have it. We definitely don't want use city else use country. We should be consistent. If city doesn't exist then we should just not have anything there Add Comment This message was sent by Atlassian JIRA (v6.3.15#6346-sha1:dbc023d)
[jira] (METRON-680) GeoLiteDatabase incorrectly using country geoname_id instead of city
Title: Message Title James Sirota updated an issue Metron / METRON-680 GeoLiteDatabase incorrectly using country geoname_id instead of city Change By: James Sirota Priority: Major Minor Add Comment This message was sent by Atlassian JIRA (v6.3.15#6346-sha1:dbc023d)
[jira] (METRON-680) GeoLiteDatabase incorrectly using country geoname_id instead of city
Title: Message Title Justin Leet commented on METRON-680 Re: GeoLiteDatabase incorrectly using country geoname_id instead of city The part about including the country's code as the city isn't always true. See: 23.129.1.0/24,,6252001,,0,0 It's the U.S. (http://www.geonames.org/6252001/united-states.html), but doesn't attach any city information to it. Do we need to be doing a fallback of "Use city if available, else use country"? Add Comment This message was sent by Atlassian JIRA (v6.3.15#6346-sha1:dbc023d)
[jira] (METRON-680) GeoLiteDatabase incorrectly using country geoname_id instead of city
Title: Message Title
Justin Leet created an issue
Metron / METRON-680
GeoLiteDatabase incorrectly using country geoname_id instead of city
Issue Type:
Bug
Assignee:
Justin Leet
Created:
31/Jan/17 14:12
Priority:
Major
Reporter:
Justin Leet
Due to misunderstanding exactly how things tied together with the updated database, the wrong field is used for the locId. Instead of using the city's geoname_id, we are using the country's.
This will effect Kibana dashboards and anything that depends on the locId, because it will be retrieved at the country level instead of the city level. The change will not break anything (anything not at the city level uses the country's code, e.g. if the IP is for Japan in general, the city code is 1861060, not empty or null). This example from the plaintext database can be seen in the second and third fields at:
1.112.0.0/15,1861060,1861060,,0,0,,35.6900,139.6900,500
The offending code is in `GeoLiteDatabase.java` and should be `geoInfo.put("locID", convertNullToEmptyString(country.getGeoNameId()));`
This should be updated to grab the city's geoname, and tests should be updated to reflect this (they didn't catch this error because of the misunderstood data change, not an error in coding).
Ideally, this field is renamed and better documented as part of METRON-679
