Skip to content

ip2location/fluent-plugin-ip2location

BranchesTags

Repository files navigation

IP2Location Fluentd Filter Plugin

fluent-plugin-ip2location is a Fluentd filter plugin that enriches Fluentd events with IP geolocation data from an IP2Location BIN database.

It reads an IP address from a configured record field, queries the IP2Location Ruby library against an IP2Location BIN database, and writes selected lookup fields back into the event record.

Features

  • Reads IP address from a top-level or nested record field, for example ip, remote_addr, or $.client.ip.
  • Supports nested output fields, for example ip2location or $.enrichment.ip2location.
  • Supports IP2Location geolocation fields including country, region, city, latitude, longitude, ISP, domain, ZIP code, time zone, usage type, ASN and AS name.
  • Skips invalid IP addresses and private/local IP addresses by default.
  • Supports configurable field selection.
  • Supports an in-memory lookup cache.

Installation

Install it into the Ruby environment used by Fluentd:

fluent-gem install fluent-plugin-ip2location

Or add it to your Gemfile:

gem "fluent-plugin-ip2location"

Then run:

bundle install

IP2Location database

This plugin requires an IP2Location BIN database file. For DB26, use a file such as:

IPV6-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ZIPCODE-TIMEZONE-ISP-DOMAIN-NETSPEED-AREACODE-WEATHER-MOBILE-ELEVATION-USAGETYPE-ADDRESSTYPE-CATEGORY-DISTRICT-ASN.BIN

Place the BIN file somewhere readable by the Fluentd process, for example:

/opt/ip2location/IPV6-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ZIPCODE-TIMEZONE-ISP-DOMAIN-NETSPEED-AREACODE-WEATHER-MOBILE-ELEVATION-USAGETYPE-ADDRESSTYPE-CATEGORY-DISTRICT-ASN.BIN

Fluentd configuration

<filter app.**>
  @type ip2location
  database /opt/ip2location/IPV6-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ZIPCODE-TIMEZONE-ISP-DOMAIN-NETSPEED-AREACODE-WEATHER-MOBILE-ELEVATION-USAGETYPE-ADDRESSTYPE-CATEGORY-DISTRICT-ASN.BIN
  ip_field $.client.ip
  output_field $.ip2location
  fields country_short,country_long,region,city,latitude,longitude,isp,domain,zipcode,timezone,usagetype,asn,as
  skip_private_ip true
  skip_invalid_ip true
  cache_size 10000
  on_error warn
</filter>

Input record

{
  "client": {
    "ip": "8.8.8.8"
  },
  "message": "hello"
}

Output record

{
  "client": {
    "ip": "8.8.8.8"
  },
  "message": "hello",
  "ip2location": {
    "country_short": "US",
    "country_long": "United States of America",
    "region": "California",
    "city": "Mountain View",
    "latitude": 37.40599,
    "longitude": -122.078514,
    "isp": "Google LLC",
    "zipcode": "94043",
    "timezone": "-08:00",
    "asn": "15169",
    "as": "Google LLC"
  }
}

Configuration parameters

Parameter Required Default Description
database Yes - Absolute path to the IP2Location BIN database file.
ip_field Yes - Record field containing the IP address. Supports Fluentd record accessor syntax, for example ip, remote_addr, or $.client.ip.
output_field No ip2location Destination field for enrichment output. Supports record accessor syntax. Ignored when merge_record true.
fields No all Comma-separated list of IP2Location fields to include. Use all to include every supported field.
merge_record No false When true, writes enrichment fields into the root record instead of a nested object.
prefix No ip2location_ Prefix used when merge_record true.
skip_invalid_ip No true When true, invalid IP values are ignored. When false, invalid IP values raise an error.
skip_private_ip No true When true, private, loopback and link-local IPs are not looked up.
include_unknown No false When false, empty values and - values returned by IP2Location are omitted.
cache_size No 10000 Maximum number of IP lookup results kept in memory. Set 0 to disable caching.
on_error No warn Lookup error behavior. One of ignore, warn, or raise.

Supported fields

country_short,country_long,region,city,isp,latitude,longitude,domain,zipcode,timezone,netspeed,iddcode,areacode,weatherstationcode,weatherstationname,mcc,mnc,mobilebrand,elevation,usagetype,addresstype,category,district,asn,as,as_domain,as_usagetype,as_cidr

Merge fields into the root record

<filter app.**>
  @type ip2location
  database /opt/ip2location/IPV6-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ZIPCODE-TIMEZONE-ISP-DOMAIN-NETSPEED-AREACODE-WEATHER-MOBILE-ELEVATION-USAGETYPE-ADDRESSTYPE-CATEGORY-DISTRICT-ASN.BIN
  ip_field remote_addr
  merge_record true
  prefix geoip_
  fields country_short,country_long,city,asn,as
</filter>

Output example:

{
  "remote_addr": "8.8.8.8",
  "geoip_country_short": "US",
  "geoip_country_long": "United States of America",
  "geoip_city": "Mountain View",
  "geoip_asn": "15169",
  "geoip_as": "Google LLC"
}

Development

Install dependencies:

bundle install

Run tests:

bundle exec rake

Build the gem locally:

gem build fluent-plugin-ip2location.gemspec

Install the local gem:

gem install fluent-plugin-ip2location-0.1.0.gem

Run the example configuration from the project directory:

bundle exec fluentd -c example/fluent.conf -p ./lib

Update the database path in example/fluent.conf before running it.

License

LICENSE.txt

About

Fluentd filter plugin that enriches Fluentd events with IP geolocation data from an IP2Location BIN database.

www.ip2location.com/

Topics

geolocation fluentd ip-geolocation fluent ip2location fluent-plugin ip-database ip2location-filter-plugin

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Initial Latest
Jun 24, 2026

Packages

 
 
 

Contributors

Languages