Hi everyone,
I'm trying to use geoip to show data on a map. The problem is that the wrong index is showing up. I tried adding a new index template with no luck.
This is what I get when I check the json code:
"src": {
"geo": {
"continent_name": "Europe",
"country_iso_code": "RU",
"country_name": "Russia",
"location": {
"lon": 37.6068,
"lat": 55.7386
}
},
"ip": "12.69.132.123"
}
I added these two lines in my filebeat.yml:
setup.template.name: "logstash"
setup.template.pattern: "logstash-*"
This is the template I use:
{
"_doc": {
"_routing": {
"required": false
},
"numeric_detection": false,
"dynamic_date_formats": [
"strict_date_optional_time",
"yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z"
],
"dynamic": true,
"_source": {
"excludes": [],
"includes": [],
"enabled": true
},
"dynamic_templates": [
{
"message_field": {
"path_match": "message",
"mapping": {
"norms": false,
"type": "text"
},
"match_mapping_type": "string"
}
},
{
"string_fields": {
"mapping": {
"norms": false,
"type": "text",
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
}
},
"match_mapping_type": "string",
"match": "*"
}
}
],
"date_detection": true,
"properties": {
"@timestamp": {
"type": "date"
},
"geoip": {
"dynamic": true,
"type": "object",
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "half_float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "half_float"
}
}
},
"@version": {
"type": "keyword"
}
}
}
}
Been looking for a solution for a while so any help will be appreciated.
Thanks in advance.