Nginx modules on filebeat

Hi all.
We have AWS Elastic based on ELK Opendistro. We d like to add on Filebeat and/or Metricbeat the module for Nginx but when we try to start the process it says we have problem with GEOIP and investigating a bit further we found that we need XPack in order to use GEOIP.

is that true or we have a miss-configuration somewhere else?

Are you using the opendistro filebeat/metricbeat?

Yes I do. It’s the filebeat.oss. Is that right?

@alfredo.deluca If you could post the exact error message, that might help. And as @tony indicates, you’ll need the OSS specific version which is tricky to find and distinguish from the xpack version.

Hi there. sorry for the late reply.

So the error is below:

Dec 03 08:37:45 ip-10-1-2-5 filebeat[30775]: 2020-12-03T08:37:45.077Z ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://<OUR_AWS_ELK_INSTANCE>)): Connection marked as failed because the onConnect callback failed: Error loading pipeline for fileset nginx/access: This module requires the following Elasticsearch plugins: ingest-geoip. You can install them by running the following commands on all the Elasticsearch nodes:
Dec 03 08:37:45 ip-10-1-2-5 filebeat[30775]: sudo bin/elasticsearch-plugin install ingest-geoip

The version of filebeat is OSS 7.9.3


Hi @searchymcsearchface. any clue on this?


I just heard back from the product manager - Open Distro doesn’t have the geo IP processor built-in.

oh ok…
Thanks heaps Kyle.

Appreciate it