EFK missing geo_point

Kok_How_Teh · December 17, 2022, 9:15am

I am running EFK using ECK 8.5.3. fluentd ConfigMap:

      @type geoip
      # Specify one or more geoip lookup field which has ip address (default: host)
      geoip_lookup_keys IP

      # Specify optional geoip database (using bundled GeoLiteCity databse by default)
      # geoip_database    "/path/to/your/GeoIPCity.dat"
      # Specify optional geoip2 database
      # geoip2_database   "/path/to/your/GeoLite2-City.mmdb" (using bundled GeoLite2-City.mmdb by default)
      # Specify backend library (geoip2_c, geoip, geoip2_compat)
      backend_library geoip2_c

      # Set adding field with placeholder (more than one settings are required.)
     <record>
        city            ${city.names.en["IP"]}
        latitude        ${location.latitude["IP"]}
        longitude       ${location.longitude["IP"]}
        country_code    ${country.iso_code["IP"]}
        country_name    ${country.names.en["IP"]}
        postal_code     ${postal.code["IP"]}
        location_properties '{ "lat" : ${location.latitude["IP"]}, "lon" : ${location.longitude["IP"]} }'
        location_string     ${location.latitude["IP"]},${location.longitude["IP"]}
        location_array      '[${location.longitude["IP"]},${location.latitude["IP"]}]'
      </record>

ES template:

      "mappings": {
          "properties": {
              "location_properties": { "type": "geo_point" },
              "location_string": { "type": "geo_point" },
              "location_array": { "type": "geo_point" }
          }
      }

I don't see any of the properties in Kibana ECK 8.5.3 at all. What do I miss?

warkolm · December 18, 2022, 10:37pm

What is the output that fluentd is providing?

Ultimately though. this might be more of a fluentd issue than an Elasticsearch one.

Kok_How_Teh · December 19, 2022, 12:48am

Fixed. It need to be in JSON format string.

system · January 16, 2023, 12:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.