Hello,
I'm trying to create a Kibana map with coordinate points from Apache logs using the geoip plugin.
The problem is that no geo_point type is created in Elasticsearch. However, the Apache logs are correctly parsed by the filter in the Logstash configuration. All geoip data appears as string type, so I can't select this index pattern in Kibana Maps.
This is my Logstash configuration file, 02-apache-log.conf:
input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  geoip {
    source => "clientip"
    target => "geoip"
  }
}
output {
  elasticsearch {
    hosts => localhost
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}
geoip data reported in stdout:
"geoip" => {
  "country_name" => "United Kingdom",
  "latitude" => 53.8247,
  "longitude" => -2.2342,
  "city_name" => "Burnley",
  "country_code3" => "GB",
  "continent_code" => "EU",
  "region_name" => "Lancashire",
  "region_code" => "LAN",
  "country_code2" => "GB",
  "ip" => "86.1.76.62",
  "postal_code" => "BB10",
  "timezone" => "Europe/London",
  "location" => {
    "lon" => -2.2342,
    "lat" => 53.8247
  }
Apache log example:
86.1.76.62 - - [04/Jan/2015:05:30:37 +0000] \"GET /style2.css HTTP/1.1\" 200 4877 \"http://www.semicomplete.com/projects/xdotool/\" \"Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140205 Firefox/24.0 Iceweasel/24.3.0\"
Logstash version: 7.7.0
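
Added example, not part of the original post: a check of an index mapping for the type of `geoip.location`, plus a legacy index template body (`PUT _template/<name>`) that maps it as `geo_point` for the custom index name used in the output above. The index name `filebeat-7.7.0-2020.05.20`, the pattern `filebeat-*`, the sample mapping and all function names are assumptions constructed for illustration.

```python
import fnmatch
import json

# Constructed sample of a GET <index>/_mapping response for an index whose name
# matched no template: "location" was mapped dynamically as a plain object.
# The index name assumes events shipped by Filebeat 7.7.0 (an assumption).
SAMPLE_MAPPING = {
    "filebeat-7.7.0-2020.05.20": {"mappings": {"properties": {"geoip": {"properties": {
        "city_name": {"type": "text"},
        "location": {"properties": {"lat": {"type": "float"},
                                    "lon": {"type": "float"}}},
    }}}}}
}


def field_type(properties, dotted_path):
    """Return the mapped type of a dotted field path, 'object', or None if absent."""
    node = {"properties": properties}
    for part in dotted_path.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    return node.get("type", "object")


def indices_missing_geo_point(mapping_response, path="geoip.location"):
    """List the indices in a _mapping response where `path` is not a geo_point."""
    return sorted(
        name for name, body in mapping_response.items()
        if field_type(body["mappings"].get("properties", {}), path) != "geo_point"
    )


def build_template(index_pattern, target="geoip"):
    """Legacy index template body that maps <target>.location as geo_point."""
    return {
        "index_patterns": [index_pattern],
        "mappings": {"properties": {target: {"properties": {
            "location": {"type": "geo_point"}}}}},
    }


def template_covers(template, index_name):
    """True if any index pattern of the template matches the index name ('*' wildcards)."""
    return any(fnmatch.fnmatchcase(index_name, p) for p in template["index_patterns"])


if __name__ == "__main__":
    print(indices_missing_geo_point(SAMPLE_MAPPING))
    print(json.dumps(build_template("filebeat-*"), indent=2))
```

A template only applies to indices created after it is installed, so an existing index keeps its dynamic mapping until it is reindexed or a new daily index is created.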