Geoip's dotted fields and ES2.0

In the Logstash 2.0.0-rc1 release blog article I read:

"Elasticsearch does not allow field names to have dots, beginning with version 2.0".

So how about geoip? It adds dotted fields by default. I can imagine the plugin will have an update to create other kinds of fields, but how about the fields that are already indexed?

It does? It does nested fields in the current release, using the "target" field name as the parent field.

  # Specify the field into which Logstash should store the geoip data.
  # This can be useful, for example, if you have `src_ip` and `dst_ip` fields and
  # would like the GeoIP information of both IPs.
  #
  # If you save the data to a target field other than `geoip` and want to use the
  # `geo_point` related functions in Elasticsearch, you need to alter the template
  # provided with the Elasticsearch output and configure the output to use the
  # new template.
  #
  # Even if you don't use the `geo_point` mapping, the `[target][location]` field
  # is still valid GeoJSON.
  config :target, :validate => :string, :default => 'geoip'

When I look at the fields available, none have dots:

  # An array of geoip fields to be included in the event.
  #
  # Possible fields depend on the database type. By default, all geoip fields
  # are included in the event.
  #
  # For the built-in GeoLiteCity database, the following are available:
  # `city_name`, `continent_code`, `country_code2`, `country_code3`, `country_name`,
  # `dma_code`, `ip`, `latitude`, `longitude`, `postal_code`, `region_name` and `timezone`.
  config :fields, :validate => :array

Oh, are those nested fields? Sorry, I haven't been working with ELK that long, so I have to get into it and get used to the terminology. I thought, because it looks like this:

geoip.city_name Mountain View
geoip.continent_code NA
geoip.coordinates -122.057, 37.419
geoip.country_code2 US
geoip.country_code3 USA
geoip.country_name United States

because of the dots, it's a dotted field. I had no clue they were nested fields. Never too old to learn :) Thanks for the clarification! (And it's a relief too, I was afraid I had to rename fields and rebuild indexes...)
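
The distinction the thread arrives at, as an added example that is not part of the original posts or the geoip plugin's code: a nested object is displayed with dot-joined paths, while a field whose own name contains a dot is a different thing. The helper names `display_paths` and `dotted_field_names`, and the `client_ip` and `http.status` fields, are assumptions made for illustration; the geoip values are the ones quoted above.

```ruby
# Added example (not from the thread or the geoip plugin source).
# Constructed event: geoip values are those quoted in the thread;
# "client_ip" and "http.status" are hypothetical fields added for contrast.
EVENT = {
  "client_ip" => "198.51.100.7",
  "geoip" => {
    "city_name"      => "Mountain View",
    "continent_code" => "NA",
    "country_code2"  => "US",
    "country_code3"  => "USA",
    "country_name"   => "United States"
  },
  "http.status" => 200 # a key that literally contains a dot
}.freeze

# Flatten a nested event into the path => value view a UI displays.
# Segments are joined with ".", so "geoip" => {"city_name" => ...} shows
# up as "geoip.city_name" even though no key in the event contains a dot.
def display_paths(obj, prefix = nil, out = {})
  obj.each do |key, value|
    path = prefix ? "#{prefix}.#{key}" : key.to_s
    if value.is_a?(Hash)
      display_paths(value, path, out)
    else
      out[path] = value
    end
  end
  out
end

# Return the key path (array of segments) of every field whose own name
# contains a literal dot, at any depth, including inside arrays.
def dotted_field_names(obj, parents = [], found = [])
  case obj
  when Hash
    obj.each do |key, value|
      found << (parents + [key.to_s]) if key.to_s.include?(".")
      dotted_field_names(value, parents + [key.to_s], found)
    end
  when Array
    obj.each { |item| dotted_field_names(item, parents, found) }
  end
  found
end

if __FILE__ == $PROGRAM_NAME
  display_paths(EVENT).each { |path, value| puts "#{path} #{value}" }
  puts "literal dotted names: #{dotted_field_names(EVENT).inspect}"
end
```

Run against the constructed event, only `http.status` is reported as a dotted field name; everything under `geoip` is a nested object and is merely displayed with dots.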