Hello,
I saw a lot of questions and solutions for this issue in the forums, but none of them solves my problem, so I decided to ask.
My question is about geo_point. Kibana shows this message when I'm trying to create a tile map:
index pattern does not contain any of the following field types: geo_point
And why am I asking this in the Logstash forum? Because I think the problem is on the Logstash side.
My pattern looks like this:

filter {
  if [type] == "nginx-access" {
    grok {
      patterns_dir => ["/opt/logstash/patterns"]
      match => [ "message" , "%{NGINXACCESS}"]
      overwrite => [ "message" ]
    }
    geoip {
      source => "clientip"
      add_field => [ "[geoip][location]", "%{longitude}" ]
      add_field => [ "[geoip][location]", "%{latitude}" ]
    }
    date {
      match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
    }
    mutate {
      convert => ["response", "integer"]
      convert => ["bytes", "integer"]
      convert => ["responsetime", "float"]
      convert => [ "[geoip][location]", "float" ]
    }
    useragent {
      source => "agent"
    }
  }
}
output {
  if [type] == "nginx-access" {
    elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "nginx-access-%{+YYYY.MM.dd}"
      template_name => "logstash"
    }
  }
}

The geoip filter is working nicely because the tag _geoip_lookup_failure is not appearing in the trace logs that have a correct IP.
I tried with and without the lines:

  add_field => [ "[geoip][location]", "%{longitude}" ]
  add_field => [ "[geoip][location]", "%{latitude}" ]
  convert => [ "[geoip][location]", "float" ]

Also with and without:

  template_name => "logstash"

Any hint about why geo_point is not in the index?
PS: another simple question: is there a simple way to block the geoip filter if the IP is from localhost?
UPDATE: if I don't use the custom index and I use the default index, it works well, so I think there is some trouble with the template_name, but I have no idea what the problem is.