Display multiple geoip data on kibana maps

Vu_Trong · May 29, 2025, 2:55am

Hi everyone,

I'm working with a set of GeoIP data that includes multiple entries identified by resolved_ip. I initially tried using the nested type to display the data on Kibana Maps, but nothing appears on the map.

I also attempted to use geo_shape for location data, but it seems I’m unable to search or visualize locations based on resolved_ip.

Below is a sample of my data and the current index mapping I’m using:

Any suggestions or guidance would be greatly appreciated!

Here is my data and current mappings

{
  "points": [
    {
      "resolved_ip": "38.145.60.21",
      "location": { "lat": 33.304, "lon": -111.8478 },
      "city": "Chandler",
      "country": {
        "iso": "US",
        "name": "United States"
      }
    },
    {
      "resolved_ip": "13.233.161.229",
      "location": { "lat": 19.0748, "lon": 72.8856 },
      "city": "Mumbai",
      "country": {
        "iso": "IN",
        "name": "India"
      }
    },
    {
      "resolved_ip": "18.136.235.60",
      "location": { "lat": 1.2868, "lon": 103.8503 },
      "city": "Singapore",
      "country": {
        "iso": "SG",
        "name": "Singapore"
      }
    },
    {
      "resolved_ip": "38.145.60.20",
      "location": { "lat": 33.304, "lon": -111.8478 },
      "city": "Chandler",
      "country": {
        "iso": "US",
        "name": "United States"
      }
    },
    {
      "resolved_ip": "54.254.22.88",
      "location": { "lat": 1.2868, "lon": 103.8503 },
      "city": "Singapore",
      "country": {
        "iso": "SG",
        "name": "Singapore"
      }
    }
  ]
}

PUT /geo-index-geo-shape-2
{
  "mappings": {
    "properties": {
      "points": {
        "type": "nested",
        "properties": {
          "resolved_ip": { "type": "ip" },
          "location": { "type": "geo_point" },
          "city": { "type": "text" },
          "country": {
            "properties": {
              "iso": { "type": "keyword" },
              "name": { "type": "text" }
            }
          }
        }
      }
    }
  }
}

jsanz · May 29, 2025, 6:59am

Unfortunately there is no support for nested fields in Kibana. The issue to track this feature request can be found here

github.com/elastic/kibana

Nested field support

opened 05:10PM - 21 Mar 14 UTC

Alex-Ikanow

release_note:enhancement high hanging fruit Feature:Aggregations loe:x-large Team:Visualizations impact:low Feature:New Field Type

This is sort of a duplicate of some other issues I searched for but I haven't se…en this particular aspect discussed, so I thought this was worth a separate issue. You read the _mapping field, so you should know when a particular field is nested, so can it not automatically apply the correct nested facet/query when such a field is selected in queries or facets? (Alternatively/in addition as suggested by #532, you could have a checkbox to allow users to select it themselves, perhaps as an interim measure) I'm sure there are some cases where this gets complicated, but there are also a bunch of cases where it's a straightforward changing of one block of JSON to another. Latest update: https://github.com/elastic/kibana/issues/1084#issuecomment-585178079

On the other hand, there are multiple answers on the forum on how to approach this limitation. I can share a couple here:

Vu_Trong · May 29, 2025, 7:17am

Thanks a lot for the information, Jsanz!

Topic		Replies	Views
Kibana not visualizing geoip in coordinate map Kibana	3	482	November 19, 2019
GeoIP data present but cannot be displayed Kibana	10	1656	May 16, 2018
Can't use maps with geoip Logstash maps	2	378	June 24, 2020
Not able to plot geo data on Kibana Kibana	4	666	October 14, 2020
Mapping Issues With GeoIP Logstash	6	544	February 27, 2018

Display multiple geoip data on kibana maps

Related topics