Geoip

Hello,

I am new to the Elastic Stack and I have no idea how to map my geoip data. I've tried the following mapping:

curl -H "kbn-version: 4.5.2" -XPUT http://localhost:9200/geo_ip -d'
{
"mappings" : {
"default" : {
"properties" : {
"email":{"type":"string","index":"not_analyzed"},
"age":{"type":"integer","index":"not_analyzed"},
"ca":{"type":"double"},
"geoip":{"type":"ip"}

}
}
}
}
';

and this is a sample from the JSON file:

{ "index" : { "_index" : "geo_ip", "_type" : "gelocalisation", "_id" : "1" } }
{ "id": 1, "email": "a1@gmail.com","age": 15,"ca": 850,"ip":"88.190.229.170"}

I really do not know how to make GeoIP work and locate users via their IP addresses.

Thanks in advance.

Your mapping and data look fine to me, except for one typo: in your mapping query, you specify "geo_ip" as the index name, but in your data, the index name has no underscore: "geoip". So that's probably a minor issue.

Another minor issue is that in your JSON, you need to define the "_index", "_type", and "_id" properties with underscores: "{ "index" : { "_index" : "geoip", "_type" : "gelocalisation", "_id" : "1" } }". (To see what I mean, see the sample data in the Getting Started docs: https://www.elastic.co/guide/en/kibana/current/getting-started.html).

But these are little issues. I think the more underlying problem is that you need to use the Logstash GeoIP filter to extract geolocation information from the IP. Kibana can't do this on its own. Take a look at this StackOverflow issue that outlines the process and please let me know if it helps you: http://stackoverflow.com/questions/33522175/convert-existing-field-mapping-to-geoip

Here's more information on the Logstash GeoIP filter: https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html

That's mapping an IP type, not a geo_point type. You don't have the latter at all, so you will never be able to map anything.

Also, you should use something like Logstash with the geoip filter to convert the IP into coordinates.
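As an added example (not code from any poster in this thread), this Python check runs over the mapping and bulk lines from the question and reports the two gaps the replies point out: the mapping has no geo_point field, and the mapped ip field is named geoip while the document carries ip. The corrected shape assumes the Logstash geoip filter writes coordinates to geoip.location; the function names and the 0.0 coordinates are constructed for illustration.

```python
import json

# Properties and bulk lines as posted in the question above.
POSTED_PROPS = {
    "email": {"type": "string", "index": "not_analyzed"},
    "age": {"type": "integer", "index": "not_analyzed"},
    "ca": {"type": "double"},
    "geoip": {"type": "ip"},
}
POSTED_BULK = (
    '{ "index" : { "_index" : "geo_ip", "_type" : "gelocalisation", "_id" : "1" } }\n'
    '{ "id": 1, "email": "a1@gmail.com","age": 15,"ca": 850,"ip":"88.190.229.170"}\n')

def flatten(props, prefix=""):
    """Map dotted field path -> type, descending into object sub-properties."""
    out = {}
    for name, spec in props.items():
        if "properties" in spec:
            out.update(flatten(spec["properties"], prefix + name + "."))
        else:
            out[prefix + name] = spec.get("type")
    return out

def doc_paths(doc, prefix=""):
    """Dotted paths of a document's leaf values; a lat/lon object is one leaf."""
    paths = set()
    for key, val in doc.items():
        if isinstance(val, dict) and set(val) != {"lat", "lon"}:
            paths |= doc_paths(val, prefix + key + ".")
        else:
            paths.add(prefix + key)
    return paths

def lint(props, bulk):
    """Return findings that would keep these documents off a map visualization."""
    types = flatten(props)
    findings = [] if "geo_point" in types.values() else ["mapping has no geo_point field"]
    rows = [json.loads(line) for line in bulk.splitlines() if line.strip()]
    for action, doc in zip(rows[0::2], rows[1::2]):  # bulk format: action line, then source
        present = doc_paths(doc)
        for path, ftype in types.items():
            if ftype in ("ip", "geo_point") and path not in present:
                findings.append(f"doc {action['index']['_id']}: {ftype} field '{path}' missing")
    return findings

# Assumed corrected shape: raw address in "ip", coordinates in "geoip.location".
FIXED_PROPS = dict(POSTED_PROPS, ip={"type": "ip"},
                   geoip={"properties": {"location": {"type": "geo_point"}}})
# Constructed document: the 0.0 coordinates are placeholders, not a lookup result.
FIXED_BULK = POSTED_BULK.replace('"ip"', '"geoip": {"location": {"lat": 0.0, "lon": 0.0}}, "ip"')
```

`lint(POSTED_PROPS, POSTED_BULK)` returns both findings, and `lint(FIXED_PROPS, FIXED_BULK)` returns an empty list.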

Hello,
First of all I would like to thank you for your detailed response and your time.

Yet, I made a new mapping following the solution provided in your StackOverflow link, but no result was found. Should I have the configuration file in Logstash executed for every new index?

Thanks again.

Thanks for your response.
I will read more about that.

Thanks.