Skip to content

Lookup Builder configuration

Both the builder services and all services using lookups (LogMan.io Parsec, LogMan.io Correlator etc.) should have the /lookups volume mapped in final docker-compose.yaml:

  lmio-ipaddrproc:
    network_mode: host
    image: docker.teskalabs.com/lmio/lmio-ipaddrproc:VERSION
    volumes:
      - ./lmio-ipaddrproc:/conf
      - /data/ssd/lookups:/lookups
    restart: on-failure:3
    logging:
      options:
        max-size: 10m

  lmio-lookupbuilder:
    network_mode: host
    image: docker.teskalabs.com/lmio/lmio-lookupbuilder:VERSION
    volumes:
      - ./lmio-lookupbuilder:/conf
      - /data/ssd/lookups:/lookups
    restart: on-failure:3
    logging:
      options:
        max-size: 10m

Lookup Builder

Lookup Builder requires following dependencies:

  • ElasticSearch
  • Library
  • Tenants list

This is the minimalistic example of the LogMan.io LookupBuilder configuration:

[elasticsearch]
url=http://es01:9200/

[library]
providers=zk:///library

[tenants]
ids=mytenant

ElasticSearch

Specify URLs of ElasticSearch master nodes.

[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD

lookup

The base path where the build lookups are going to be stored to can be changed:

[lookup]
base_path=/lookups

IP Address Processor

LogMan.io IP Address Processor requires following dependencies:

  • ElasticSearch
  • Library
  • Tenants list

This is the minimalistic example of the LogMan.io LookupBuilder configuration:

[elasticsearch]
url=http://es01:9200/

[library]
providers=zk:///library

[tenants]
ids=mytenant