I want to do exactly what geoIP filter does in logstash and elasticsearch's pipeline but i dont have either .
I have one forwarder configured which is using elasticsearch's bulk api to ingest data. Now i want to create coordinate map in kibana which requires geo point data type.
Is there any way i can get coordinates of ipaddress in kibana?
Thanks,
Meet Dave
No, there is not. You will need to add this information to the documents during indexing. Can you not modify the ingest process to include Logstash or an ingest pipeline?
Data is coming from another source and I don't have control on that
Then I unfortunately don't see any good way to achieve what you are looking for.
Okay thank you
One thing you might be able do is to periodically run an update by query job that selects all documents that do not already have geoip fields and then use an ingest pipeline to update them. This reprocessing will however add additional load and lag a bit.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.