GeoIP Fields != desired geo_point type

jc034240 · February 21, 2017, 8:50pm

Elastic 2.3.1, Kibana 4.5
Two fields src_geoip.location, dest_geoip.location are being indexed are not the desired geo_point type, but instead as number. Despite the below:

Logstash Conf file filter section:
geoip {
source => "SourceIP"
target => "src_geoip"
}

geoip {
source => "DestinationIP"
target => "dest_geoip"
}

Elastic document mapping:
"geoip": {
"dynamic": true,
"type": "object",
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "float"
},
"src_geoip.location": {
"type": "geo_point"
},
"dest_geoip.location": {
"type": "geo_point"
}
}
},

warkolm · February 21, 2017, 8:52pm

What is your index name?

jc034240 · February 21, 2017, 9:22pm

abc-xyz-device-2017-02-21

warkolm · February 21, 2017, 9:27pm

Then it won't match the default LS template, you will need to modify that one or create your own so that the mappings are applied to your index pattern.

system · March 21, 2017, 9:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Still has the problem that index pattern does not contain any of the following field types: geo_point Elasticsearch	4	424	November 29, 2018
Does logstash map to geo_point type when parsing geoip? Logstash	3	340	August 10, 2020
Geo_point type doesn't match Elasticsearch	3	523	May 2, 2017
GeoIP Mapping in ES Elasticsearch	3	2216	August 30, 2018
Geoip.location not getting mapped to a geo_point type Elasticsearch	3	9792	April 12, 2017

GeoIP Fields != desired geo_point type

Related Topics