Hi,
Since I updated to version 6.1.1 (Logstash, Elasticsearch, Kibana) I receive the following error in Kibana (the Heatmap visualization complains about `geoip.location`). I searched today and read a few things about it.
I have the following geoip filter in `11-pfsense.conf`:
geoip {
  # Look up the pfSense source address in the local MaxMind City database and
  # attach the result under the "geoip" field (location, country, timezone, ...).
  source => "src_ip"
  # Local GeoLite2 City database. The file must exist and be readable by the
  # Logstash process. Comment this line out if you do not wish to use a local
  # database, and then also omit the last three steps dealing with the
  # (recommended) suffix.
  database => "/etc/logstash/GeoLite2-City.mmdb"
  # Tag events on which the lookup has been applied.
  add_tag => [ "GeoIP" ]
  # NOTE(review): the geoip.location object produced here is only usable by map
  # visualizations if the index mapping types it as geo_point — confirm the index
  # template that applies to this index pattern.
}
I receive this document in Kibana (source address and ports partially masked with "XX"; note that the `geoip.ip` field and the raw `message` field still carry the unmasked values, so mask those too before sharing):
{
"_index": "logstash-2018.03.25",
"_type": "doc",
"_id": "0iNfXmIB3glQha35s4iQ",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2018-03-25T18:15:52.000Z",
"reason": "match",
"dest_ip": "192.168.0.20",
"action": "pass",
"id": "48297",
"ip_ver": "4",
"host": "192.168.0.1",
"proto_id": "6",
"ttl": "55",
"tags": [
"PFSense",
"firewall",
"GeoIP"
],
"type": "syslog",
"dest_port": "XX881",
"evtid": "134",
"prog": "filterlog",
"length": "60",
"geoip": {
"location": {
"lon": 2.3387000000000002,
"lat": 48.8582
},
"timezone": "Europe/Paris",
"ip": "62.210.209.49",
"country_name": "France",
"continent_code": "EU",
"country_code3": "FR",
"latitude": 48.8582,
"longitude": 2.3387000000000002,
"country_code2": "FR"
},
"tracker": "1459961264",
"proto": "tcp",
"message": "93,,,1459961264,em0,match,pass,in,4,0x0,,55,48297,0,DF,6,tcp,60,XX.210.209.49,192.168.0.20,XX876,16881,0,S,74249952,,29200,,mss;sackOK;TS;nop;wscale",
"@version": "1",
"rule": "93",
"src_ip": "XX.210.209.49",
"src_port": "XX876",
"data_length": "0",
"iface": "em0",
"tos": "0x0",
"direction": "in",
"flags": "DF",
"offset": "0"
},
"fields": {
"@timestamp": [
"2018-03-25T18:15:52.000Z"
]
},
"sort": [
1522001752000
]
}
Why do I receive a `geoip.location` error in the Heatmap? I don't see a field in the index mapping named `geoip.location` — although the document above does contain a `location` object under `geoip`, so presumably the field is present in `_source` but is not mapped as a `geo_point` type in the index. How can I create that mapping?