geoip_database_unavailable

winlogbeat(v8.3.1) 파이프라인에 geoip processor를 추가했는데 지리 정보를 가져오지 못한다.

엘라스틱 로그를 보니 geoip database에 문제가 생긴 듯.

[2022-08-08T18:24:51,972][ERROR][o.e.i.g.GeoIpDownloader  ] [MHKANG] exception during geoip databases update
org.elasticsearch.ElasticsearchException: not all primary shards of [.geoip_databases] index are active
        at org.elasticsearch.ingest.geoip.GeoIpDownloader.updateDatabases(GeoIpDownloader.java:134) ~[ingest-geoip-8.3.1.jar:8.3.1]
        at org.elasticsearch.ingest.geoip.GeoIpDownloader.runDownloader(GeoIpDownloader.java:274) [ingest-geoip-8.3.1.jar:8.3.1]
        at org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:102) [ingest-geoip-8.3.1.jar:8.3.1]
        at org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:48) [ingest-geoip-8.3.1.jar:8.3.1]
        at org.elasticsearch.persistent.NodePersistentTasksExecutor$1.doRun(NodePersistentTasksExecutor.java:42) [elasticsearch-8.3.1.jar:?]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:769) [elasticsearch-8.3.1.jar:?]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-8.3.1.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
        at java.lang.Thread.run(Thread.java:833) [?:?]
[2022-08-08T18:24:52,083][WARN ][o.e.i.g.GeoIpDownloader  ] [MHKANG] could not delete old chunks for geoip database [GeoLite2-Country.mmdb]

기존 데이터베이스를 지우기 위해 geoip 관리 설정 변경.

PUT _cluster/settings
{
  "persistent": {
    "ingest.geoip.downloader.enabled": false
  }
}

엘라스틱 재시작 후 다운로드 활성화. 

PUT _cluster/settings
{
  "persistent": {
    "ingest.geoip.downloader.enabled": true
  }
}

[2022-08-08T18:38:41,539][INFO ][o.e.c.s.ClusterSettings  ] [MHKANG] updating [ingest.geoip.downloader.enabled] from [false] to [true]
[2022-08-08T18:38:43,450][INFO ][o.e.c.m.MetadataCreateIndexService] [MHKANG] [.geoip_databases] creating index, cause [auto(bulk api)], templates [], shards [1]/[0]
[2022-08-08T18:38:44,105][INFO ][o.e.i.g.GeoIpDownloader  ] [MHKANG] successfully downloaded geoip database [GeoLite2-ASN.mmdb]
[2022-08-08T18:38:44,333][INFO ][o.e.i.g.DatabaseNodeService] [MHKANG] successfully loaded geoip database file [GeoLite2-ASN.mmdb]
[2022-08-08T18:38:54,483][INFO ][o.e.i.g.GeoIpDownloader  ] [MHKANG] successfully downloaded geoip database [GeoLite2-City.mmdb]
[2022-08-08T18:38:55,318][INFO ][o.e.i.g.DatabaseNodeService] [MHKANG] successfully loaded geoip database file [GeoLite2-City.mmdb]
[2022-08-08T18:38:56,193][INFO ][o.e.i.g.GeoIpDownloader  ] [MHKANG] successfully downloaded geoip database [GeoLite2-Country.mmdb]
[2022-08-08T18:38:56,290][INFO ][o.e.i.g.DatabaseNodeService] [MHKANG] successfully loaded geoip database file [GeoLite2-Country.mmdb]

이제 잘 가져온다.

관련 글

• ingest pipeline - 2nd