Geo_point & index_templates not working

cptnclvn · September 16, 2017, 2:37am

I have been trying to get the GeoIP working for visualization of my firewall logs and I can't get the geo_point type to stick. I have read through this article and took some information from it. I have an index template that changes my geoip.location type to a geo_point but when i look in Kibana i can see that it hasn't changed even though the mapping for that index shows it is of a geo_point type.

Elasticsearch, Kibana, Logstash versions are all 5.2.1
Any suggestions?

"geoip": {
            "properties": {
              "city_name": { },
              "continent_code": { },
              "country_code2": { },
              "country_code3": { },
              "country_name": { },
              "dma_code": { },
              "ip": { },
              "latitude": {
                "type": "half_float"
              },
              "location": {
                "type": "geo_point"
              },
              "longitude": {
                "type": "half_float"
              },
              "postal_code": { },
              "region_code": { },
              "region_name": { },
              "timezone": { }
            }
          },

{
  "order": 0,
  "template": "pfsense-*",
  "settings": {
    "index": {
      "number_of_shards": "1",
      "number_of_replicas": "0"
    }
  },
  "mappings": {
    "syslog": {
      "properties": {
        "geoip": {
          "properties": {
            "latitude": {
              "type": "half_float"
            },
            "location": {
              "type": "geo_point"
            },
            "longitude": {
              "type": "half_float"
            }
          }
        }
      }
    }
  },
  "aliases": {}
}

27 PM

warkolm · September 16, 2017, 4:13am

Please don't post pictures of text, they are difficult to read and some people may not be even able to see them.

cptnclvn · September 16, 2017, 12:41pm

Thanks, I have edited the post to include block quotes of the template and the mappings as showing in the pictures.

warkolm · September 18, 2017, 12:17am

Did you refresh the mappings for the index pattern in Kibana?

cptnclvn · September 18, 2017, 5:19pm

I did not know this was a thing. I ended up trying it and there was a conflict. I tried re-indexing the data and decided it was easier just to remove all the indexes and let it start fresh. It is working now. Thank you!

system · October 16, 2017, 5:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.