Cannot create Tile Map visualization

Elastic Stack Kibana
1

Hi Guys,

I'm dealing with some problem to create a visualization on Kibana.
I debugged my previous log stash problem to match the good field with Geo Info and apply a filter to use the GeoIPDatabase, now I have the populated fields below in Kibana, working fine:
t geoip.city_name
t geoip.continent_code
t geoip.country_code2
t geoip.country_code3
t geoip.country_name
t geoip.ip
# geoip.latitude
# geoip.location.lat
# geoip.location.lon
# geoip.longitude
t geoip.postal_code
t geoip.region_code
t geoip.region_name
t geoip.timezone

But I still get the following error when creating the visualization:
"No Compatible Fields: The "xxx_index" index pattern does not contain any of the following field types: geo_point"

I read the following topic : https://www.elastic.co/blog/geoip-in-the-elastic-stack
But I don't understand why my fields (geoip.location.lat, geoip.location.lon, geoip.longitude, geoip.latitude) are not similar to the ones in the post (location, latitude, longitude), am I missing something ?

Do you have any ideas ?
Many thanks for your precious help

Kibana version used : 5.4.2

2

Can you provide your mapping for this index?

3

Hi,

Sure, it is:

name type
geoip.timezone string
Compliant Sessions number
geoip.region_name.keyword string
geoip.country_code2.keyword string
Last Login IP Address string
geoip.country_name.keyword string
type string
path string
Successful Logins number
geoip.region_code.keyword string
type.keyword string
Last Login IP Address.keyword string
host string
geoip.city_name.keyword string
host.keyword string
geoip.longitude number
geoip.location.lat number
@version.keyword string
Realm.keyword string
geoip.region_name string
tags string
Last Login Time string
Non-Compliant Sessions number
geoip.continent_code.keyword string
message.keyword string
geoip.latitude number
_source _source
geoip.continent_code string
Average Session Length string
Total Session Time string
geoip.postal_code.keyword string
geoip.region_code string
tags.keyword string
geoip.country_code3.keyword string
Failed Logins number
geoip.ip string
Average Session Length.keyword string
geoip.dma_code number
geoip.country_code3 string
geoip.country_code2 string
@version string
geoip.country_name string
Realm string
Last Login Time.keyword string
geoip.city_name string
message string
geoip.ip.keyword string
Total Session Time.keyword string
geoip.postal_code string
LastLoginTime date
@timestamp date
Username.keyword string
Username string
geoip.location.lon number
geoip.timezone.keyword string
Remediated Sessions number
path.keyword string
_id string
_type string
_index string
_score number

4

This seems like a question for the logstash folks... It doesn't look like any of those fields are of type geo_point. Perhaps there's something in the logstash config that you can configure to get the right field type?

5

Hi,

OK, thanks.
I thought that because catching of IP and interrogation of the GeoIP database succeeded, it was ok.
But if I understand you, it's not sufficient.

I'll have a look to logstash to see what I can get.

Thanks for your time

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.