GeoIP Fields != desired geo_point type

jc034240 · February 21, 2017, 8:50pm

Elastic 2.3.1, Kibana 4.5
Two fields src_geoip.location, dest_geoip.location are being indexed are not the desired geo_point type, but instead as number. Despite the below:

Logstash Conf file filter section:
geoip {
source => "SourceIP"
target => "src_geoip"
}

geoip {
source => "DestinationIP"
target => "dest_geoip"
}

Elastic document mapping:
"geoip": {
"dynamic": true,
"type": "object",
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "float"
},
"src_geoip.location": {
"type": "geo_point"
},
"dest_geoip.location": {
"type": "geo_point"
}
}
},

warkolm · February 21, 2017, 8:52pm

What is your index name?

jc034240 · February 21, 2017, 9:22pm

abc-xyz-device-2017-02-21

warkolm · February 21, 2017, 9:27pm

Then it won't match the default LS template, you will need to modify that one or create your own so that the mappings are applied to your index pattern.

system · March 21, 2017, 9:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.