MaxMind Configuration

Humio includes GeoLite2 databases from MaxMind to enable ASN and IP location lookups via the asn and ipLocation function, respectively.

Due to the way these databases are licensed, they expire after 30 days and thus must be updated regularly. If the IP location database or IP ASN database expires, then any calls to ipLocation or asn will cause a warning in the query and not add any location or ASN data to the event.

By default, the database is automatically updated via an update service hosted by Humio if the cluster is running with a valid Humio license.

If instead you wish to manage this yourself, you can supply your own MaxMind databases by setting AUTO_UPDATE_MAXIND to false and placing the databases in the Humio data directory. The databases should be named the following:

  • IpLocationDb.mmdb, for the IP location database.
  • IpAsnDb.mmdb, for the IP ASN database.

Humio will check these files periodically and reload them if they are updated.

It is also possible for Humio to automatically download directly from MaxMind if you have a MaxMind license. To do so, the following must be set:

  • AUTO_UPDATE_MAXIND, to true (default).
  • MAXMIND_ACCOUNT_ID, to the ID of your MaxMind account.
  • MAXMIND_LICENSE_KEY, to the license key for your MaxMind account.
  • MAXMIND_IP_LOCATION_EDITION_ID (optional), if you wish to use an alternative MaxMind database for IP location information.
  • MAXMIND_BASE_URL (optional), if you wish to use another base path to download from.

Example

AUTO_UPDATE_MAXIND=true
MAXMIND_ACCOUNT_ID=your-account-id
MAXMIND_LICENSE_KEY=your-license-key
MAXMIND_IP_LOCATION_EDITION_ID=GeoLite2-City
MAXMIND_BASE_URL=http://my-maxmind-proxy.local