Geo_point for conection map

Jose_Campos · January 16, 2020, 5:15pm

I am currently mapping the data of a snort, but I was trying to convert two fields, which are the IP source and destination to geo_point. I am doing this in order to be able to create the map connection visualization.

Only location places me as geo_point

imagen

But the field I need for connection maps is string

This is what I have tried to do.

  geoip {
      source => "source"
       target => "geoip_source"
        }

       geoip {
      source => "destination"
       target => "geoip_destination"
             }

Thanks for support.

Greetings

Badger · January 16, 2020, 6:19pm

You will need a template to tell elasticsearch that those fields a geo_points. The default template includes an example of how to make a field a geo_point.

Jose_Campos · January 27, 2020, 3:42pm

Thanks a lot Badger

I understand that this must be indicated to ES, but I have not yet found any concrete way on how to do it.

Excuse me, I'm first time in this.

Greetings

system · February 24, 2020, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.