Hi,
I'm attempting to update the index pattern in Elasticsearch with the target geoip I've set in logstash, which is currently:
geoip
{
source => "Remote"
target => "RemoteGEOIP"
}
geoip
{
source => "Local"
target => "LocalGEOIP"
}
And with my index pattern called logstash-syslog-*, I'm using the below index template like this being sent within Postman to the index.
{
"RemoteGEOIP" :
{
"type" : "object",
"dynamic": true,
"path": "full",
"properties" :
{
"location" : { "type" : "geo_point" }
}
}
}
I have also tried logstash-syslog-*/RemoteGEOIP/_mapping but I keep getting errors relating to sytax with the above. I think I'm messing up the index template but I'm not sure where. Any help be appreciated
