Failed to find geo_point field [destination.geo.location]

Hello everyone,

I am having some problems with geo.location showing up on that maps with errors.

This is my errors"

query_shard_exception at `shard` 0 `index` .ds-logs-windows.security-default-000001 `node` stUuKb8ZR424_ZwqrouRMg

Type

query_shard_exception

Reason

failed to find geo_point field [destination.geo.location]

Index uuid

cIg33sTNQ96U3C3f0YUoNw

Index

.ds-logs-windows.security-default-000001

Welcome to our community! :smiley:

Is this in Kibana? What is the mapping of that .ds-logs-windows.security-default-000001 index?

Hi,

I'm experiencing the same issue on a fresh ELK 7.10 installation. I just deployed the Elastic-Agent with the only integration Endpoint , not even system . Is there a solution or workaround available or this is still under research?

geolocation1
geolocation2
geolocation3

Thank you

Hi,

Any update on this?

Thanks

Answering this will help us help you :slight_smile:

Hi,

I have no index .ds-logs-windows.security-default-000001 on my ES. Instead the issue is related to the following indexes (I have included the mappings):

  • .ds-logs-elastic_agent.metricbeat-default-000001
    Mapping
  • .ds-logs-elastic_agent.filebeat-default-000001
    Mapping
  • .ds-logs-elastic_agent-default-000001
    Mapping

Thank you

Hi,

Any update on this report?

Thank you

Sorry It took so long I fixed it by adding geoinfo to my packetbeat file on the server. Once I've done that I added the geo pipline script from the website, and data showed up. Once I executed that PUT query in the dev tools I was good.

Hi @secopsgeek,

Thank you for the feedback. So, I was not sure if I had to configure all the pipeline stuff for the geoIP, like I did on previous ELK versions. I thought it was already included by default in ELK 7.10, but it looks I was wrong. I'll start working on that next.

Thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.