Geo_point in logstash

MABN · February 14, 2021, 9:10am

Hi
I used syslog to send log to logstash ( logstash 7.10)
I used this grok in logstash.conf
#####################
geoip {
source => "source.ip"
target => "source.geo"
}
geoip {
source => "destination.ip"
target => "destination.geo"
}

#################################
But I don't have source/destination.geo.location, Just these fields had been made.

source.geo.continent_code
source.geo.country_code2
source.geo.country_code3
source.geo.country_name
source.geo.ip
source.geo.latitude
source.geo.location.lat
source.geo.location.lon
source.geo.longitude
source.geo.timezone

How can I create destination.geo.location & source.geo.location

MABN · February 15, 2021, 9:52am

Please Help me

stephenb · February 15, 2021, 7:05pm

Hi @MABN

Can you run the following on the index with the results please

GET /your-index

And post the results so we can see your mappings. Please format the results with the </> button.

Most likely you do not have the proper mapping which you should create before you attempt to index.

system · March 15, 2021, 7:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.