Hi forum, I've just got my shiny new Elastic 6.2.4 up and created my own grok filters to parse my logs, loaded the geoplugin, and boom! I got co-ordinates but no geo_point field to plot!
Please help!! I tried to load a filebeat template in - but I think it's from an old 5.x Elastic version - need help and lots of patience!!!
Thanks, nik
OK, I have used this template:
_....cut...._
```json
"geoip": {
  "properties": {
    "city_name": {
      "ignore_above": 1024,
      "type": "keyword"
    },
    "continent_name": {
      "ignore_above": 1024,
      "type": "keyword"
    },
    "country_iso_code": {
      "ignore_above": 1024,
      "type": "keyword"
    },
    "location": {
      "type": "geo_point"
    },
    "region_name": {
      "ignore_above": 1024,
      "type": "keyword"
    }
  }
```
_....cut...._
I write this to a local file from my editor and then post it:
```sh
curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@filebeat_template.nik.json -H 'Content-Type: application/json'
```
If I mess it up I have deleted it:
```sh
curl -XDELETE 'http://localhost:9200/_template/filebeat?pretty'
```
And retrieve it:
```sh
curl -XGET 'http://localhost:9200/_template/filebeat?pretty'
```
Any help at all would be great. I changed apache to log as the log type in my filebeat is "log".
Oddly enough I have a logstash index which has all my data and also the geo reference to plot my locations.
I wish I could provide an educated explanation as to why, but I have what I need.
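An offline check of the template retrieved with the GET above, added here as an example and not part of the original post: it reports whether a stored template applies to a given index name and how it maps `geoip.location`. The sample template, its index pattern, the `doc` mapping type, the index names and all helper names are constructed assumptions.

```python
import fnmatch

# Constructed sample shaped like the body of `GET _template/filebeat` on 6.x.
# The index pattern and the "doc" mapping type are assumptions, not from the post.
SAMPLE_TEMPLATES = {
    "filebeat": {
        "index_patterns": ["filebeat-*"],
        "mappings": {"doc": {"properties": {"geoip": {"properties": {
            "city_name": {"type": "keyword", "ignore_above": 1024},
            "location": {"type": "geo_point"},
        }}}}},
    }
}


def template_patterns(body):
    """Return the index patterns; 6.x uses `index_patterns`, 5.x used `template`."""
    patterns = body.get("index_patterns") or body.get("template") or []
    return [patterns] if isinstance(patterns, str) else list(patterns)


def field_type(body, dotted_field):
    """Look up a field's mapped type under every mapping type in the template."""
    for mapping in body.get("mappings", {}).values():
        node = mapping
        for part in dotted_field.split("."):
            node = node.get("properties", {}).get(part)
            if node is None:
                break  # field not mapped under this mapping type
        else:
            return node.get("type")
    return None


def check(templates, index_name, field="geoip.location"):
    """Per template: does it apply to index_name, and how is the field mapped?"""
    report = {}
    for name, body in templates.items():
        # fnmatch is used as a stand-in for Elasticsearch's `*` wildcard matching.
        applies = any(fnmatch.fnmatchcase(index_name, p) for p in template_patterns(body))
        report[name] = {"applies": applies, "type": field_type(body, field)}
    return report


if __name__ == "__main__":
    for idx in ("filebeat-2018.05.01", "logstash-2018.05.01"):
        print(idx, check(SAMPLE_TEMPLATES, idx))
```

A template only affects indices created after it is stored and whose names match its pattern, so compare the result against the index name the data is actually written to.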