Geo_point for conection map

Jose_Campos · January 16, 2020, 5:15pm

I am currently mapping the data of a snort, but I was trying to convert two fields, which are the IP source and destination to geo_point. I am doing this in order to be able to create the map connection visualization.

Only location places me as geo_point

imagen

But the field I need for connection maps is string

This is what I have tried to do.

  geoip {
      source => "source"
       target => "geoip_source"
        }

       geoip {
      source => "destination"
       target => "geoip_destination"
             }

Thanks for support.

Greetings

Badger · January 16, 2020, 6:19pm

You will need a template to tell elasticsearch that those fields a geo_points. The default template includes an example of how to make a field a geo_point.

Jose_Campos · January 27, 2020, 3:42pm

Thanks a lot Badger

I understand that this must be indicated to ES, but I have not yet found any concrete way on how to do it.

Excuse me, I'm first time in this.

Greetings

Topic		Replies	Views
How to create geo-point fields from longitude / latitude Elasticsearch	8	749	April 11, 2021
Moved from 7.x to 8.x ... Maps stopped working Logstash	1	37	March 19, 2025
GeoIP Mapping in ES Elasticsearch	3	2262	August 30, 2018
Unable to reference geo_point type field Elasticsearch	5	618	July 23, 2019
Mapping field as geo_point Logstash	3	1778	December 29, 2020

Geo_point for conection map

Related topics