I have been trying to get the GeoIP working for visualization of my firewall logs and I can't get the geo_point type to stick. I have read through this article and took some information from it. I have an index template that changes my geoip.location type to a geo_point, but when I look in Kibana I can see that it hasn't changed, even though the mapping for that index shows it is of a geo_point type.
Elasticsearch, Kibana, Logstash versions are all 5.2.1
Any suggestions?
"geoip": {
  "properties": {
    "city_name": { },
    "continent_code": { },
    "country_code2": { },
    "country_code3": { },
    "country_name": { },
    "dma_code": { },
    "ip": { },
    "latitude": {
      "type": "half_float"
    },
    "location": {
      "type": "geo_point"
    },
    "longitude": {
      "type": "half_float"
    },
    "postal_code": { },
    "region_code": { },
    "region_name": { },
    "timezone": { }
  }
},

{
  "order": 0,
  "template": "pfsense-*",
  "settings": {
    "index": {
      "number_of_shards": "1",
      "number_of_replicas": "0"
    }
  },
  "mappings": {
    "syslog": {
      "properties": {
        "geoip": {
          "properties": {
            "latitude": {
              "type": "half_float"
            },
            "location": {
              "type": "geo_point"
            },
            "longitude": {
              "type": "half_float"
            }
          }
        }
      }
    }
  },
  "aliases": {}
}