GEO POINT Problem

Hello, I'm using Filebeat on my servers, mainly to track access logs via SSH. Now I'm trying to add a geoIP filter for a public server, in order to create a map to track SSH attack attempts.

This is my filter:

```
filter {
  if [type] == "syslog" {
    # Parse the sshd syslog line; the brackets around the PID are escaped so they match literally
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{NOTSPACE:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{DATA:Status}? %{DATA:Ktype}? (for)? %{GREEDYDATA:syslog_user} (from)? %{IP:ip_address}?%{GREEDYDATA:syslog_message_tail}?" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    # Look up the extracted client IP and store the result under the "geoip" field
    geoip {
      source => "ip_address"
      target => "geoip"
    }
    # Use the syslog timestamp as the event time
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
```
When I go to the Discover section in Kibana, I can see the geoip parts, but I have no geoip.location, only two separate fields, geoip.location.lat and geoip.location.lon, and when I try to create a visualization I get the common problem in Kibana (No geo_point type).

I output from Filebeat using the "filebeat-geo-*" index name in order to use the filebeat/logstash template, which should work, and if I use curl to get the information from my index patterns I can see the "location" field with the correct values. What else am I missing? I'm quite new to Elasticsearch...
Thanks in advance

Wow, 23 views and no one helping me, even in finding a solution in some other post?
I think it should be something connected with mappings. Creating a custom index, I succeeded in creating a geo_point type mapping for the geoip.location field, and even though I see it as a geo_point type, in Discover it is treated as a float. If I add a visualization I can select the field (no "No geo_point type" error), but my map remains empty!
Hope these extra details can help someone in helping me...
Sincerely
Fabrizio
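
An added example, not part of the original posts: a Python check for the symptom described above, where geoip.location appears as separate lat and lon float fields instead of a geo_point. It reads a response shaped like `GET <index>/_mapping`; the sample response, the dated index names, and the function names are constructed for illustration.

```python
# Added example: report how each index maps a dotted field such as "geoip.location".
# SAMPLE_MAPPINGS is constructed data shaped like a GET <index>/_mapping response.

def _properties(mappings):
    """Yield top-level 'properties' dicts, with or without a mapping-type layer."""
    if "properties" in mappings:           # typeless layout (Elasticsearch 7+)
        yield mappings["properties"]
    else:                                   # older layout: mappings -> <type> -> properties
        for body in mappings.values():
            if isinstance(body, dict) and "properties" in body:
                yield body["properties"]

def field_mapping(props, dotted):
    """Walk 'a.b.c' through nested properties; return the leaf mapping or None."""
    node = None
    for part in dotted.split("."):
        node = props.get(part)
        if node is None:
            return None
        props = node.get("properties", {})
    return node

def classify(mapping_response, field="geoip.location"):
    """Return {index: 'geo_point' | 'object(<subfields> as <types>)' | <type> | 'missing'}."""
    result = {}
    for index, body in mapping_response.items():
        verdict = "missing"
        for props in _properties(body.get("mappings", {})):
            leaf = field_mapping(props, field)
            if leaf is None:
                continue
            if leaf.get("type") == "geo_point":
                verdict = "geo_point"
            elif "properties" in leaf:      # dynamically mapped object, e.g. lat/lon floats
                sub = leaf["properties"]
                types = sorted({v.get("type", "object") for v in sub.values()})
                verdict = "object(%s as %s)" % (",".join(sorted(sub)), ",".join(types))
            else:
                verdict = leaf.get("type", "object")
        result[index] = verdict
    return result

SAMPLE_MAPPINGS = {  # constructed sample, not taken from the thread
    "filebeat-geo-2017.01.01": {"mappings": {"log": {"properties": {"geoip": {"properties": {
        "location": {"properties": {"lat": {"type": "float"}, "lon": {"type": "float"}}}}}}}}},
    "custom-geo": {"mappings": {"properties": {"geoip": {"properties": {
        "location": {"type": "geo_point"}}}}}},
    "filebeat-2017.01.01": {"mappings": {"properties": {"message": {"type": "text"}}}},
}
```

Run it over the mapping of every index behind the Kibana index pattern. An index whose field is not reported as `geo_point` needs a new index or a reindex, since the type of an existing field cannot be changed in place.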
