Can someone please help me on geo_point? I am using OSS version 7.2.1 and my data is properly being parsed and can see geo information however when I am plotting the geo map on Kibana this is giving me an error
The index pattern data-ip-* does not contain any of the following compatible field types: geo_point
However below is my Json Output
geoip.as_org Telecom Italia
**#** geoip.asn 3,269
**t** geoip.continent_code EU
**t** geoip.country_code2 IT
**t** geoip.country_code3 IT
**t** geoip.country_name Italy
**t** geoip.ip 80.20.231.251
**#** geoip.latitude 43.148
**#** geoip.location.lat 43.148
**#** geoip.location.lon 12.11
**#** geoip.longitude 12.11
**t** geoip.timezone Europe/Rome
Now my query is I dont see geoip-filter in elasticsearch; is this still necessary with version 7.2.1?
/usr/share/elasticsearch/bin/elasticsearch-plugin list
opendistro-job-scheduler
opendistro_alerting
opendistro_performance_analyzer
opendistro_security
opendistro_sql
Did you provide mapping for the index before loading data, possibly via a template? You need to define geoip.location in the mapping? It's also possible that the kibana index pattern was loaded before the field mapping was known, you can just refresh the index pattern to check.
I think on 7.x, the geoip ingest filter is built in and not a loaded plugin. It looks like the geoip lookup worked, you just have a mapping issue.
Kibana index management has a way to view index mapping. You can't update index mapping, only for future indices. Are you doing daily indices, using ILM for rollover or is this a single index?
If you are doing daily or ILM, update or create a template that will apply the geo_point to the field and check after the next new index. To "fix" the old indices would require reindexing old to new where new has a template with the proper mapping (Or matches the same template).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.