When adding a GeoIP function to a pipeline, where do I upload .mmdb files (or where are they stored if I grabbed a pack that includes one)?
Please see the docs
You can keep them anywhere, but large lookups like the geoip db should be outside of the deployment area. Instead manage deployment via some other management system (ansible, for example).
By default, Stream will look for bare file names in $CRIBL_HOME/data/lookups
Ok, but how does the GeoIP function know where to look? The sample I grabbed from the " cribl-vpc-flow-for-security-teams" pack just has the filename in the "GeoIP file(.mmdb)" field, with no file path. Whats the default path for that?