I'm trying to create a map from all my latitude and longitude fields, but when I try to create a map in Elastic, nothing is shown. Could someone help me?
My Logstash conf:
input {
  # Receives JSON documents posted over HTTP (the web form submits here).
  #
  # Exposure: the listener binds to every interface (0.0.0.0) and this block sets
  # no user/password and no TLS options, so any host that can reach port 8085 can
  # submit events, in clear text. Every field of the posted JSON becomes an event
  # field, so downstream filters must treat those fields as untrusted.
  http {
    codec => json
    port => 8085
    host => "0.0.0.0"
    # CORS headers returned with each response. The wildcard origin allows
    # scripts served from any site to call this endpoint from a browser; if only
    # the form's own site should submit, name that origin instead and put
    # authentication (the plugin's user/password, or a reverse proxy) and TLS
    # in front of the listener.
    response_headers => {
      "Content-Type" => "text/plain"
      "Access-Control-Allow-Origin" => "*"
      "Access-Control-Allow-Headers" => "Origin, X-Requested-With, Content-Type, Accept"
    }
  }
}
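filter {
  # Enriches each form submission: timestamp parsing, GeoIP country lookup,
  # coordinates copied from the request body, reverse DNS and user-agent parsing.
  # [geoip][coordinates] receives values here but is not usable in an
  # Elasticsearch map yet (see the note on the mutate filter).
  #
  # The former grok on "message" was dropped: with codec => json on the input the
  # event has no "message" field, and "%[headers][http_user_agent]" is not a
  # %{PATTERN:field} expression, so it only tagged every event with
  # _grokparsefailure. The useragent filter below already parses
  # [headers][http_user_agent].

  date {
    # Parses [timestamp] when the posted JSON carries one in this format.
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }

  geoip {
    # "host" is the address of the HTTP client as recorded by the http input.
    source => "host"
    target => "geoip"
    # Country-level database: it yields country/continent fields but no
    # latitude/longitude, hence the add_field lines below.
    database => "./GeoLite2-Country_20211019/GeoLite2-Country.mmdb"
    # Builds [geoip][coordinates] as [longitude, latitude]. Both values come from
    # [info][...] in the posted JSON, i.e. they are supplied by the client and
    # are not the result of the GeoIP lookup; treat them as untrusted input.
    # If [info] is missing, the %{...} references are not substituted.
    add_field => [ "[geoip][coordinates]", "%{[info][longitude]}" ]
    add_field => [ "[geoip][coordinates]", "%{[info][latitude]}" ]
  }

  mutate {
    # NOTE(review): Elastic Maps needs this field mapped as geo_point in the
    # index template; dynamically mapped floats are not plotted. Confirm the
    # mapping that template "meumapa" applies to [geoip][coordinates].
    convert => { "[geoip][coordinates]" => "float" }
    # Normalise the Portuguese field names sent by the form to English.
    rename => {
      "[info][país]" => "[info][country]"
      "[info][operadora]" => "[info][operator]"
      "[info][região]" => "[info][region]"
      "[info][cidade]" => "[info][city]"
    }
    # Copy of the client address; the dns filter below replaces it with a name.
    add_field => { "dnsname" => "%{host}" }
  }

  dns {
    # One reverse lookup per event. The resulting name is chosen by whoever
    # controls the PTR record of the client address, so treat dnsname as
    # untrusted text. On an internet-facing input, review the filter's timeout
    # and hit_cache_size / failed_cache_size settings so slow or failing
    # lookups cannot stall the pipeline.
    reverse => [ "dnsname" ]
    action => "replace"
  }

  useragent {
    # The User-Agent header is client-controlled as well.
    source => "[headers][http_user_agent]"
  }
}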
output {
  # Index every event into the Elasticsearch node on this machine.
  # The connection is plain HTTP with no credentials configured in this block;
  # that is only reasonable while Elasticsearch listens on loopback alone.
  # NOTE(review): confirm port 9200 is not reachable from outside this host.
  elasticsearch {
    index => "logstash-formulario"
    hosts => "http://localhost:9200"
    # Name of the index template to use; the field mappings themselves
    # (including any geo_point mapping) live in that template, not here.
    template_name => "meumapa"
  }

  # Debug copy of each full event (client address, request headers, form
  # answers) on Logstash's stdout; drop it once the pipeline works so that
  # data is not kept in process logs.
  stdout {
    codec => "rubydebug"
  }
}
This is my Logstash output (the same event is sent to Elasticsearch).
In it I see:
"geoip" => { "ip" => "174.6.125.76",
"coordinates" => [ [0] -123.1193, [1] 49.2497 ]
which is correct, but I still can't create a map.
{
"pergunta6" => "don't share wifi",
"pergunta5" => "consigo me virar bem",
"version" => "94.0.4606.81",
"headers" => {
"accept_encoding" => "gzip, deflate",
"request_method" => "POST",
"content_type" => "application/json",
"http_user_agent" => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36",
"connection" => "keep-alive",
"dnt" => "1",
"http_accept" => "*/*",
"content_length" => "400",
"http_version" => "HTTP/1.1",
"request_path" => "/formulario/_doc?timeout=120s",
"accept_language" => "en-US,en;q=0.9,pt-BR;q=0.8,pt;q=0.7",
"http_host" => "finalproject.westus2.cloudapp.azure.com:8085",
"origin" => "http://finalproject.westus2.cloudapp.azure.com",
"referer" => "http://finalproject.westus2.cloudapp.azure.com/"
},
"geoip" => {
"ip" => "174.6.125.76",
"coordinates" => [
[0] -123.1193,
[1] 49.2497
],
"country_name" => "Canada",
"continent_name" => "North America",
"country_code2" => "CA"
},
"os_name" => "Windows",
"host" => "174.6.125.76",
"name" => "Chrome",
"patch" => "4606",
"minor" => "0",
"dnsname" => "S0106e0cbbc9be2b1.vc.shawcable.net",
"os_major" => "10",
"pergunta2" => "Streaming & games",
"@timestamp" => 2021-10-25T22:00:23.462Z,
"tags" => [
[0] "_grokparsefailure"
],
"device" => "Other",
"os" => "Windows",
"major" => "94",
"@version" => "1",
"info" => {
"operator" => "Shaw Communications",
"latitude" => "49.2497",
"city" => "Vancouver",
"region" => "British Columbia",
"org2" => "Communications",
"country" => "CA",
"longitude" => "-123.1193",
"org1" => "Shaw"
},
"pergunta8" => [
[0] "circuit breaker",
[1] "railroad"
],
"pergunta1" => "100mb",
"os_version" => "10",
"os_full" => "Windows 10",
"pergunta3" => "Rarely",
"pergunta4" => "room of my home"
}