Hello team Elastic,
I'm using the regular geoip filter in Elasticsearch:
geoip {
  source => "clientip"
  target => "geoip"
}
But if you take a look at the geoip mapping in Elasticsearch, it seems as though [geoip][location] is a double, not a geo_point...
"geoip": {
  "properties": {
    "area_code": {
      "type": "long"
    },
    "city_name": {
      "type": "string"
    },
    "continent_code": {
      "type": "string"
    },
    "country_code2": {
      "type": "string"
    },
    "country_code3": {
      "type": "string"
    },
    "country_name": {
      "type": "string"
    },
    "dma_code": {
      "type": "long"
    },
    "ip": {
      "type": "string"
    },
    "latitude": {
      "type": "double"
    },
    "location": {
      "type": "double"
    },
    "longitude": {
      "type": "double"
    },
    "postal_code": {
      "type": "string"
    },
    "real_region_name": {
      "type": "string"
    },
    "region_name": {
      "type": "string"
    },
    "timezone": {
      "type": "string"
    }
  }
}
So I can't graph it on a Kibana tile map, because it doesn't have type geo_point. Am I doing something wrong here? Could I just update the mapping manually? That would be less ideal than a fix at the Logstash level. Here is an example value:
"geoip": {
  "ip": "***.**.**.*",
  "country_code2": "XX",
  "country_code3": "XXX",
  "country_name": "Xxxxxxx",
  "continent_code": "EU",
  "latitude": 51,
  "longitude": 9,
  "timezone": "Europe/Berlin",
  "location": [
    9,
    51
  ]
},
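
The condition described in the post can be checked offline. The following is an added example, not part of the original post: it reads a mapping and an event shaped like the ones above, reports the type mapped for `geoip.location`, confirms the value is a `[lon, lat]` pair, and builds an index template body that maps the field as `geo_point`. The function names and the `myindex-*` pattern are hypothetical, and the template uses the legacy `_default_` layout, an assumption based on the `string` types in the mapping shown.

```python
import json

# Constructed sample data, abridged from the mapping and event in the post.
MAPPING = {"geoip": {"properties": {
    "latitude": {"type": "double"},
    "location": {"type": "double"},
    "longitude": {"type": "double"},
}}}
EVENT = {"geoip": {"latitude": 51, "longitude": 9, "location": [9, 51]}}

def field_type(properties, path):
    """Return the mapped type of a dotted field path, or None if unmapped."""
    node = None
    for part in path.split("."):
        node = properties.get(part)
        if node is None:
            return None
        properties = node.get("properties", {})
    return node.get("type", "object")

def is_lon_lat_pair(value):
    """geo_point's array form is [lon, lat]; check shape and ranges."""
    if not (isinstance(value, list) and len(value) == 2):
        return False
    if any(isinstance(v, bool) or not isinstance(v, (int, float)) for v in value):
        return False
    lon, lat = value
    return -180 <= lon <= 180 and -90 <= lat <= 90

def geo_point_template(index_pattern, path):
    """Build a legacy ("_default_") template body mapping path as geo_point."""
    body = {"type": "geo_point"}
    for part in reversed(path.split(".")):
        body = {"properties": {part: body}}
    return {"template": index_pattern, "mappings": {"_default_": body}}

def audit(mapping, event, path="geoip.location", index_pattern="myindex-*"):
    """Report the mapped type and, if it is not geo_point, a template to fix it."""
    mapped = field_type(mapping, path)
    value = event
    for part in path.split("."):
        value = value.get(part) if isinstance(value, dict) else None
    report = {"mapped_type": mapped, "value_is_lon_lat": is_lon_lat_pair(value)}
    if mapped != "geo_point":
        report["template"] = geo_point_template(index_pattern, path)
    return report

if __name__ == "__main__":
    print(json.dumps(audit(MAPPING, EVENT), indent=2))
```

An index template only applies to indices created after it is stored, and the type of a field that is already mapped cannot be changed in place, so existing data has to be reindexed into a new index.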