This message originated from Cribl Community Slack.
I want to automatically update the GeoIP database stored in Knowledge. Does Cribl have an API call for updating it?
Solved
Cribl API Call Missing For Automatic GeoIP Database Update
Best answer by David Maislin
Yes, Cribl provides an API for updating the GeoIP (MaxMind) database in Cribl.Cloud and distributed deployments.
For Cribl.Cloud, you can automate updates using the Leader API. The process involves:
1. Download the latest .mmdb file from MaxMind (using geoipupdate or direct download).
2. Generate an API access token via OAuth.
3. Upload the new .mmdb file using a PUT request to the Lookups endpoint.
4. Patch the lookup to reference the uploaded temp file.
5. Commit the change to version control via the API.
6. Deploy the new version using the commit ID.
Example API calls (replace placeholders as needed):
# 1. Get OAuth token
curl --request POST \
  --url https://login.cribl.cloud/oauth/token \
  --header "content-type: application/json" \
  --data '{"grant_type":"client_credentials", "client_id": "<client_id>", "client_secret": "<client_secret>", "audience": "https://api.cribl.cloud"}'

# 2. Upload .mmdb file
curl -X PUT 'https://main-<your-org>.cribl.cloud/api/v1/m/default/system/lookups?filename=GeoLite2-City.mmdb' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: text/csv' \
  --data-binary '@/path/to/GeoLite2-City.mmdb'

# 3. Patch lookup with temp filename from previous response
curl -X PATCH 'https://main-<your-org>.cribl.cloud/api/v1/m/default/system/lookups/GeoLite2-City.mmdb' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{"id":"GeoLite2-City.mmdb","fileInfo":{"filename":"GeoLite2-City.mmdb.<tmp>"}}'

# 4. Commit the change
curl -X POST 'https://main-<your-org>.cribl.cloud/api/v1/version/commit' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{"message":"automation@cribl:commit","group":"default","files":["groups/default/data/lookups/GeoLite2-City.mmdb","groups/default/data/lookups/GeoLite2-City.yml"]}'

# 5. Deploy the new version
curl -X PATCH 'https://main-<your-org>.cribl.cloud/api/v1/master/groups/default/deploy' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{"version":"<commit-ID>"}'
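
The upload, patch, commit and deploy calls from the answer chained into one scheduled run, as an added example that is not part of the original answer or Cribl's own code: it refuses to upload a file that lacks the MaxMind metadata marker and stops before commit or deploy if any call fails. The `send` hook, the environment variable names, and the response fields `filename` and `items[0].commit` are assumptions; the bearer token is obtained as in the answer's first call.

```python
import json
import os
import urllib.request

# Byte sequence that starts the metadata section near the end of every .mmdb file.
MMDB_MARKER = b"\xab\xcd\xefMaxMind.com"


def looks_like_mmdb(data: bytes) -> bool:
    """Reject truncated downloads or HTML error pages before they reach the workers."""
    return MMDB_MARKER in data[-128 * 1024:]


def http_send(method, url, headers, body):
    """Send one request; urllib raises HTTPError on 4xx/5xx, which stops the chain."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def update_geoip(base, token, mmdb, name="GeoLite2-City.mmdb", group="default", send=http_send):
    """Upload -> patch -> commit -> deploy; returns the deployed commit ID."""
    if not looks_like_mmdb(mmdb):
        raise ValueError("no MaxMind metadata marker; refusing to upload")
    auth = {"Authorization": f"Bearer {token}"}
    as_json = {**auth, "Content-Type": "application/json"}
    lookups = f"{base}/api/v1/m/{group}/system/lookups"
    up = send("PUT", f"{lookups}?filename={name}", {**auth, "Content-Type": "text/csv"}, mmdb)
    tmp = up["filename"]  # assumed response field holding the temp filename
    send("PATCH", f"{lookups}/{name}", as_json,
         json.dumps({"id": name, "fileInfo": {"filename": tmp}}).encode())
    stem = name.rsplit(".", 1)[0]
    files = [f"groups/{group}/data/lookups/{f}" for f in (name, f"{stem}.yml")]
    done = send("POST", f"{base}/api/v1/version/commit", as_json, json.dumps(
        {"message": "automation@cribl:commit", "group": group, "files": files}).encode())
    commit = done["items"][0]["commit"]  # assumed response shape
    send("PATCH", f"{base}/api/v1/master/groups/{group}/deploy", as_json,
         json.dumps({"version": commit}).encode())
    return commit


if __name__ == "__main__":
    # Token and paths come from the environment so no secret appears in argv or shell history.
    with open(os.environ["MMDB_PATH"], "rb") as fh:
        print(update_geoip(os.environ["CRIBL_BASE_URL"], os.environ["CRIBL_TOKEN"], fh.read()))
```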
