Geo_point for conection map

Jose_Campos · January 16, 2020, 5:15pm

I am currently mapping the data of a snort, but I was trying to convert two fields, which are the IP source and destination to geo_point. I am doing this in order to be able to create the map connection visualization.

Only location places me as geo_point

imagen

But the field I need for connection maps is string

This is what I have tried to do.

  geoip {
      source => "source"
       target => "geoip_source"
        }

       geoip {
      source => "destination"
       target => "geoip_destination"
             }

Thanks for support.

Greetings

Badger · January 16, 2020, 6:19pm

You will need a template to tell elasticsearch that those fields a geo_points. The default template includes an example of how to make a field a geo_point.

Jose_Campos · January 27, 2020, 3:42pm

Thanks a lot Badger

I understand that this must be indicated to ES, but I have not yet found any concrete way on how to do it.

Excuse me, I'm first time in this.

Greetings

system · February 24, 2020, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash problems with fields (Point to Point) Logstash	3	249	July 29, 2021
How to create geo-point fields from longitude / latitude Elasticsearch	8	638	April 11, 2021
Mapping field as geo_point Logstash	3	1539	December 29, 2020
Geoip to geopoint Elastic Stack	3	876	November 4, 2022
Unable to reference geo_point type field Elasticsearch	5	566	July 23, 2019

Geo_point for conection map

Related topics