Hi,
I have IP ( private range ) , lot and lat coordinates (country, city ... information).
Is there any way to create geoip point field in message that Elasticsearch and Kibana both understand from these variables?
I tried some older manuals in forum, but not working for me in elasticsearch 6.2 stack.
Thx
Rudolf
Try this. If it does not work, show us what does not work.
Hi,
I tried it before but when I tried visualize in coordinate map I received following error:
No Compatible Fields: The "testbeat-*" index pattern does not contain any of the following field types: geo_point
My config file:
input { stdin {} }
filter{
translate {
regex => true
dictionary_path => "./mutate/chemosvit-geo.yml"
field => "message"
}
json {
source => "translation"
}
}
output {
elasticsearch {
hosts => "esearch.chemosvit.sk:9200"
manage_template => false
index => "testbeat-%{+YYYY.MM.dd}"
document_type => "doc"
user => blabla
password => blabla
ssl => false
ssl_certificate_verification => false
cacert => "/etc/logstash/root-ca.pem"
# truststore_password => changeit
}
}
Do you have a template for that index? If you are using the fieldname geoip you would need something like
{
"settings": {
"number_of_shards": 1
},
"mappings": {
"doc": {
"properties": {
"geoip": {
"type": "geo_point"
}
}
}
}
}
Don`t have
I am going to study how to create it 
Thx
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.