Re: Unable to load geoip enrichments

Sun, 28 Apr 2019 10:57:11 -0700 

Hi Dave -

Justin's comments are spot-on, but I'd like to add just a bit more color.

All that script does is load up the Maxmind database files into HDFS.  If
it has been successful, you are going to see something like the following
in HDFS.

[root@node1 ~]# hdfs dfs -ls /apps/metron/geo/default
Found 1 items
-rw-r--r--   1 metron metron   29314052 2019-04-26 19:16
/apps/metron/geo/default/GeoLite2-City.tar.gz


You can fully validate that everything is working from the REPL by doing
the following.

[root@node1 ~]# source /etc/default/metron
[root@node1 ~]# cd $METRON_HOME
[root@node1 0.7.1]# bin/stellar -z $ZOOKEEPER
...
Stellar, Go!
..

[Stellar]>>> %functions GEO
GEOHASH_CENTROID, GEOHASH_DIST, GEOHASH_FROM_LATLONG, GEOHASH_FROM_LOC,
GEOHASH_MAX_DIST, GEOHASH_TO_LATLONG, GEO_GET, STATS_GEOMETRIC_MEAN

[Stellar]>>> GEO_GET("4.4.4.4")
{country=US, dmaCode=, city=, postalCode=, latitude=37.751,
location_point=37.751,-97.822, locID=, longitude=-97.822}


If it is not working, you will get an error when running `GEO_GET` from the
REPL.



On Sat, Apr 27, 2019 at 10:08 PM Justin Leet <[email protected]> wrote:

> Maxmind Geo/ASN enrichment doesn't go through HBase. Those files are
> pulled down and stored in memory (They're essentially queryable DBs for the
> data) during the lifetime of the Storm topology itself.
>
> If data isn't being enriched with Geo data (and as a sanity check, make
> sure you're properly configuring the topology to use it), I'd check that
> the global config for the geo location matches where the files are and the
> Storm topology to see if there any errors. Off the top of my head, I
> believe it would probably be something to the effect of "Unable to read
> MaxMind DB".
>
> Justin
>
> On Sat, Apr 27, 2019 at 8:58 PM David Auclair <[email protected]>
> wrote:
>
>> Hey,
>>
>>
>>
>> Currently running Metron 0.7.1 (via HCP 1.9.1), and I’m unable to load
>> the default geoip enrichments.
>>
>>
>>
>> I’m running the following command:
>>
>> /usr/hcp/current/metron/bin/maxmind_enrichment_load.sh –z zookeeper:2181
>>
>>
>>
>> And it looks like it’s successfully writing the ASN and geolite feeds to
>> HDFS.
>>
>>
>>
>> But that’s it.  It doesn’t appear to be written to HBase (there’s not
>> even a table created for enrichments).
>>
>>
>>
>> Did I miss a step?
>>
>>
>>
>> Thanks in advance!
>>
>>
>>
>> -Dave
>>
>

Reply via email to