Exactly how to map geoip.location to geo_point

Elastic Stack Elasticsearch
1

Here is my template

{
"template" : "cisco-asa*",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : true},
"dynamic_templates" : [ {
"ip_fields": {
"match": "_ip",
"mapping": {
"type": "ip",
"index": "analyzed",
"fields": {
"raw": { "type": "string", "index": "not_analyzed" }
}
}
}
}, {
"string_fields" : {
"match" : "",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fields" : {
"raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
}
}
}
} ],
"properties" : {
"@version": { "type": "string", "index": "not_analyzed" },
"geoip" : {
"type" : "object",
"dynamic": true,
"path": "full",
"properties" : {
"latitude" : { "type" : "float" },
"location" : { "type" : "geo_point" },
"longitude" : { "type" : "float"},
}
}
}
}
}
}

Here is the geoip mapping, which is obviously incorrect for the location. The interesting thing is that everything else maps correctly, but the geo_point... any ideas ? I've been doing extensive research on this for the past 4 hours but found no solution to this problem....

				"geoip" : {
					"properties" : {
						"city_name" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"continent_code" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"country_code2" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"country_code3" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"country_name" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"ip" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"latitude" : {
							"type" : "float"
						},
						"location" : {
							"type" : "float"
						},
						"longitude" : {
							"type" : "float"
						},
						"postal_code" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"real_region_name" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"region_name" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						},
						"timezone" : {
							"type" : "text",
							"fields" : {
								"keyword" : {
									"type" : "keyword",
									"ignore_above" : 256
								}
							}
						}
					}
				},
2

I ended up having to delete all mappings , templates, and indices, apply a brand new template via curl or kibana built in console (5.x) to make this work.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.