GeoIP Fields != desired geo_point type

jc034240 · February 21, 2017, 8:50pm

Elastic 2.3.1, Kibana 4.5
Two fields src_geoip.location, dest_geoip.location are being indexed are not the desired geo_point type, but instead as number. Despite the below:

Logstash Conf file filter section:
geoip {
source => "SourceIP"
target => "src_geoip"
}

geoip {
source => "DestinationIP"
target => "dest_geoip"
}

Elastic document mapping:
"geoip": {
"dynamic": true,
"type": "object",
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "float"
},
"src_geoip.location": {
"type": "geo_point"
},
"dest_geoip.location": {
"type": "geo_point"
}
}
},

warkolm · February 21, 2017, 8:52pm

What is your index name?

jc034240 · February 21, 2017, 9:22pm

abc-xyz-device-2017-02-21

warkolm · February 21, 2017, 9:27pm

Then it won't match the default LS template, you will need to modify that one or create your own so that the mappings are applied to your index pattern.

Topic		Replies	Views
Geoip.location not getting mapped to a geo_point type Elasticsearch	3	9881	April 12, 2017
Geoip.location Logstash	13	2411	September 2, 2017
Geoip filter not creating type geo_point Logstash	3	1854	July 6, 2017
Geo_point and the logstash-* index Logstash	2	563	April 21, 2017
Map geoip.location to geo_point by default Logstash	5	4114	July 6, 2017

GeoIP Fields != desired geo_point type

Related topics