Adding Custom GeoIP Target To Index Pattern

F_Terrie · May 10, 2018, 11:27am

Hi,

I'm attempting to update the index pattern in Elasticsearch with the target geoip I've set in logstash, which is currently:

                         geoip
			{
				source => "Remote"
				target => "RemoteGEOIP"
			}

			geoip
			{
				source => "Local"
				target => "LocalGEOIP"
			}

And with my index pattern called logstash-syslog-*, I'm using the below index template like this being sent within Postman to the index.

{
"RemoteGEOIP" :
{
"type" : "object",
"dynamic": true,
"path": "full",
"properties" :
{
"location" : { "type" : "geo_point" }
}
}
}

I have also tried logstash-syslog-*/RemoteGEOIP/_mapping but I keep getting errors relating to sytax with the above. I think I'm messing up the index template but I'm not sure where. Any help be appreciated

system · June 7, 2018, 11:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using custom target for geoip filter, how to update Elasticsearch template? Logstash	7	753	April 21, 2018
Help - Custom GeoIP Target / Updating Template/Index Kibana	10	621	December 22, 2020
Geoip index mapping defaults to using logstash-* Logstash	8	5601	July 6, 2017
Does logstash map to geo_point type when parsing geoip? Logstash	3	340	August 10, 2020
Still has the problem that index pattern does not contain any of the following field types: geo_point Elasticsearch	4	424	November 29, 2018

Adding Custom GeoIP Target To Index Pattern

Related topics