Hi,
I have IP ( private range ) , lot and lat coordinates (country, city ... information).
Is there any way to create geoip point field in message that Elasticsearch and Kibana both understand from these variables?
I tried some older manuals in forum, but not working for me in elasticsearch 6.2 stack.
Thx
Rudolf
Hi,
I tried it before but when I tried visualize in coordinate map I received following error:
No Compatible Fields: The "testbeat-*" index pattern does not contain any of the following field types: geo_point
My config file:
input { stdin {} }
filter{
translate {
regex => true
dictionary_path => "./mutate/chemosvit-geo.yml"
field => "message"
}
json {
source => "translation"
}
}
output {
elasticsearch {
hosts => "esearch.chemosvit.sk:9200"
manage_template => false
index => "testbeat-%{+YYYY.MM.dd}"
document_type => "doc"
user => blabla
password => blabla
ssl => false
ssl_certificate_verification => false
cacert => "/etc/logstash/root-ca.pem"
# truststore_password => changeit
}
}
Do you have a template for that index? If you are using the fieldname geoip you would need something like
{
"settings": {
"number_of_shards": 1
},
"mappings": {
"doc": {
"properties": {
"geoip": {
"type": "geo_point"
}
}
}
}
}
Don`t have
I am going to study how to create it 
Thx
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.