geo_point failed to set up after upgrading to 5.6


#1

After upgrading ELK to 5.6 and upgrading the plugins, geoip fails to add a geo_point, so location cannot be visualized. I uninstalled and reinstalled geoip; the geoip data is rendered on the Kibana dashboard and is being passed into the index as well, but I keep getting the error message "index pattern does not contain any of the following field types: geo_point". Here's my logstash config:

# Logstash pipeline as posted: Beats -> grok / date / geoip for events of type "syslog".
# The elasticsearch output block follows separately below.
input {
# Receive events from Beats shippers on TCP 5044. No ssl options are set here,
# so the input runs with the plugin's default (plaintext) transport.
beats {
port => 5044
}
}

filter {
# Only events the shipper tagged with type == "syslog" go through this chain.
if [type] == "syslog" {
# Parse the raw line; captures timestamp, hostname, src_ip/src_port and
# dest_ip/dest_port. The INT captures carry no ":int" suffix, so src_port and
# dest_port are emitted as strings (the posted mapping shows dest_port as text).
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{USERNAME}%{SPACE}%{IP}%{SPACE}%{SYSLOGTIMESTAMP}%{SPACE}%{HOSTNAME:hostname}%{SPACE}%{SYSLOGPROG}%{SPACE}%{WORD}%{NOTSPACE}%{SPACE}%{WORD}%{SPACE}%{WORD}%{SPACE}%{IP:src_ip}/%{INT:src_port}->%{IP:dest_ip}/%{INT:dest_port}%{SPACE}%{GREEDYDATA}" ]
}
# Events the pattern does not match are discarded instead of being indexed.
if "_grokparsefailure" in [tags] { drop {} }
# Set the event time from the captured "timestamp" field
# (the date filter's default target is @timestamp).
date {
match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
}
# Enrich with GeoLite2-City data for the *destination* address, stored under [geoip].
# The filter only emits numeric lat/lon under [geoip][location]; whether that field
# becomes a geo_point is decided by the index mapping/template, not by this filter.
# NOTE(review): the posted mapping shows geoip.location as an object of float lat/lon,
# which is consistent with no geo_point template applying to indices named index-*
# (the default Logstash template only targets logstash-*) — confirm against the
# index templates on the cluster.
geoip {
source => "dest_ip"
target => "geoip"
database => "/usr/share/logstash/plugins/data/GeoLite2-City.mmdb"
}
}
}

output {
elasticsearch {
hosts => "localhost:9200"
index => "index-%{type}-%{+YYYY.MM.dd}"
user => elastic
password => xxxxx


(Tyler Smalley) #2

Can you provide the mapping for your index? Example: http://localhost:9200/logstash-*/_mapping


#3

Here's my mapping for the syslog index. Note that in it `geoip.location` is mapped as an object with float `lat`/`lon` sub-fields, not as `geo_point`, which is what the Kibana error refers to.

"index-syslog-2017.09.25" : {
"mappings" : {
"syslog" : {
"properties" : {
"@timestamp" : {
"type" : "date"
},
"@version" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"beat" : {
"properties" : {
"hostname" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"name" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"version" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"dest_ip" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"dest_port" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"geoip" : {
"properties" : {
"city_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"continent_code" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_code2" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_code3" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"country_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"dma_code" : {
"type" : "long"
},
"ip" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"latitude" : {
"type" : "float"
},
"location" : {
"properties" : {
"lat" : {
"type" : "float"
},
"lon" : {
"type" : "float"
}
}
},
"longitude" : {
"type" : "float"
},
"postal_code" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"region_code" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"region_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"timezone" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}

Here is the data from the index for a document that has geoip information:

root@ELK:~# curl -XGET '10.1.0.175:9200/index-syslog-2017.09.25/_search?pretty&q=response=500'

{
"_index" : "index-syslog-2017.09.25",
"_type" : "syslog",
"_id" : "AV6qrLR13NU9fecMNbhW",
"_score" : 10.947816,
"_source" : {
"geoip" : {
"timezone" : "America/Los_Angeles",
"ip" : "151.101.188.193",
"latitude" : 37.7697,
"continent_code" : "NA",
"city_name" : "San Francisco",
"country_name" : "United States",
"country_code2" : "US",
"dma_code" : 807,
"country_code3" : "US",
"region_name" : "California",
"location" : {
"lon" : -122.3933,
"lat" : 37.7697
},
"postal_code" : "94107",
"region_code" : "CA",
"longitude" : -122.3933
},
"offset" : 14233922,
"input_type" : "log",
"source" : "D:\Syslog\

