Elastic geo_point

Elastic Stack Elasticsearch
1

Hope its not a repeat :slight_smile: so here is my setup.

filebeat out put to logstash (Apache access logs . due to some reasons we don't want to use Apache module ) . As elastic 7 has geoip plugin embeded all im doing in my logstash file is this along with my grok patterns.

geoip {
source => "clientip"
target => "geoip"
add_tag => [ "webserver-geoip" ]
}

I m able to get all geo field populated. so far no issues. Issue is that geo.location was not type of geo_point. I deleted all exisitng indices ,and i added following mapping .

PUT myindex-
{
"mappings": {
"properties": {
"geoip": {
"dynamic": true,
"properties": {

	"location": {
		"type": "geo_point"
	}
}

}
}
}
}

I restarted filebeat by clearing registry. I get all documents ingested without issues. I refreshed the index pattern , i see geo.location is of type geo_point now. But there is nothing in it. No values.

I also treid exporting my document structure , made a template , added that in my ES , after going through standard process of registry and restarting filebeat , all docuemnt were ingested but there was nothing in document except timestamp :frowning:

am i missing something very small thing to make this work ?

Raj

2

just needed a fresh set of eyes to lookup my setup :slight_smile: i had a slight wrong configuration in my template i had

"mappings" : {
"properties" : {
"geo" : {
"properties" : {
"location" : {
"type": "geo_point"
}
}
}
}
} .

it should be

"mappings" : {
"properties" : {
"geoip" : {
"properties" : {
"location" : {
"type": "geo_point"
}
}
}
}
}

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.