Hi All,
I'm having a problem similiar to other problems i've seen on the forums here with kibana not seeing the geo_point field in elasticsearch. I'm using logstash to ship IIS log data to ES:
filter {
...
geoip {
source => "clienthost"
database => "C:/logstash/GeoLiteCity.dat"
}
}
output {
elasticsearch {
host => "es.domain"
protocol => "http"
index => "logstash-iis-%{+YYYY.MM.dd}"
}
}
The location field IS being stored as "geo_point" as shown from my mappings:
"geoip" : {
"properties" : {
"area_code" : {
"type" : "long"
},
"city_name" : {
"type" : "string"
},
"continent_code" : {
"type" : "string"
},
"country_code2" : {
"type" : "string"
},
"country_code3" : {
"type" : "string"
},
"country_name" : {
"type" : "string"
},
"dma_code" : {
"type" : "long"
},
"ip" : {
"type" : "string"
},
"latitude" : {
"type" : "double"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "double"
},
"postal_code" : {
"type" : "string"
},
"real_region_name" : {
"type" : "string"
},
"region_name" : {
"type" : "string"
},
"timezone" : {
"type" : "string"
}
}
}
The template I am using is as follows:
{
"template" : "logstash*",
"mappings" : {
"iis" : {
"properties": {
"geoip":{
"properties":{
"location":{"type":"geo_point"}
}
}
}
}
}
}
The issue that i am having is that when I go into kibana to select the data, i get the " No Compatible Fields: The "logstash-iis*" index pattern does not contain any of the following field types: geo_point" error. I'm not sure where to begin troubleshooting from here. Any help would be appreciated!
Logstash: 1.5.4 (windows)
ElasticSearch: 1.7.2 (windows)
Kibana: 4.1.2 (windows)