
Please add an option for Geo-IP field name format

Open H2Cyber opened this issue 3 years ago • 0 comments

After upgrading to 4.3.1, I noticed that the field names for geo-located IPs have changed from:

src_city_name
src_country_code
src_geolocation

to:

src_geo_city
src_geo_coordinates
src_geo_country
src_geo_country_iso
src_geo_name
src_geo_region
src_geo_timezone

I have therefore gone through all my event definitions, dashboards and views to update the field names.

Now, after upgrading to 4.3.4, it seems the old field names are being used again, so I am back from:

src_geo_city
src_geo_coordinates
src_geo_country
src_geo_country_iso
src_geo_name
src_geo_region
src_geo_timezone

to:

src_city_name
src_country_code
src_geolocation

I guess I'll have no choice but to revert the changes I've previously made to all event definitions, dashboards and views that used the new field names.

Meanwhile, and to avoid this back and forth for other users, can we please have an extra option in the Geo-Location Processor that lets the user decide which format to use (legacy vs new)?

H2Cyber, Aug 08 '22 12:08