Hi,
I am practicing and learning ELK. I am using a new version of ELK, 7.1.1. I have successfully created a conf file and I used a simple log file (a few lines). I want to use it to practice coordinate maps, although I do not see this feature in version 7.1.1 (I assume it is built into region maps, maybe). Anyhow, at my job we use version 5.6.1, where this visualization is present, but for personal practice I use a newer version. Everything seems to be OK, yet I cannot find the index in my Kibana. I wonder why? Does it have something to do with compatibility?
Here are my conf file and data from my log file:
Conf file:
input {
  file {
    path => "C:\ELK\geo_point\geo_point.txt"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)" }
  }
  geoip { source => "clientip" }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "geo_point_expz"
    template => "C:\ELK\mytemplate.json"
  }
}
Log file data:
104.194.203.69 - - [01/Apr/2017:16:21:15 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
104.194.203.69 - - [01/Apr/2017:16:22:15 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
104.194.203.69 - - [01/Apr/2017:16:23:15 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
104.194.203.69 - - [01/Apr/2017:16:24:15 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
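The following is an added example, not part of the original post: a Python approximation of the grok expression above, run against the first sample log line, to show which fields the filter extracts and what is left unparsed. The regex fragments are simplified stand-ins for Logstash's pattern definitions, and the names `ACCESS_RE`, `parse_line` and `unparsed_tail` are made up for this illustration.

```python
import re

# Simplified stand-ins for the grok patterns in the filter (assumption:
# Logstash's own IPORHOST/USER/HTTPDATE definitions are stricter than these).
ACCESS_RE = re.compile(
    r'(?P<clientip>\S+) (?P<ident>[\w.-]+) (?P<auth>[\w.-]+) '
    r'\[(?P<timestamp>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?:(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>\d+(?:\.\d+)?))?'
    r'|(?P<rawrequest>.*?))" '
    r'(?P<response>\d+) (?:(?P<bytes>\d+)|-)'
)

# First log line from the post, plus one constructed line that cannot match.
SAMPLE = ('104.194.203.69 - - [01/Apr/2017:16:21:15 +0000] '
          '"GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Macintosh; '
          'Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) '
          'Chrome/52.0.2743.116 Safari/537.36"')
BAD_SAMPLE = 'not an access log line'  # constructed


def parse_line(line):
    """Return the event fields the pattern would produce for one log line."""
    m = ACCESS_RE.search(line)  # grok is unanchored unless ^ or $ is used
    if m is None:
        # Logstash tags events that grok could not match.
        return {"message": line, "tags": ["_grokparsefailure"]}
    # Captures that did not take part in the match are omitted from the event.
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    event["message"] = line
    return event


def unparsed_tail(line):
    """Return the part of the line after the match (referrer and user agent)."""
    m = ACCESS_RE.search(line)
    return None if m is None else line[m.end():]


if __name__ == "__main__":
    for key, value in parse_line(SAMPLE).items():
        print(f"{key}: {value}")
    print("unparsed:", unparsed_tail(SAMPLE))
    print(parse_line(BAD_SAMPLE))
```

The `clientip` value is what the `geoip` filter would receive as its source; a line that fails the match carries no `clientip` at all.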