Given IP is not an ip literal string

Elastic Stack Elasticsearch
1

I'm sending a CSV file through Filebeat and Logstash to Elasticsearch. I'm trying to get ip address put into the ip datatype so I can use the geoip feature and heat map in Kibana (like in the video tutorial). I'm very new to the elastic family of products, so apologies in advanced if this is something simple I missed.

Thanks!

Here is a row of data I'm importing:
11/2/16 12:00 AM,DELETED,28bcac10-339e-4af9-97d5-373687959015,8.3.133.78,30.66.0.184,US,"BOUNCEBLOCK, BOUNCELOOP, HELOBOGUS, RETURNPATH, WEIGHT10, WEIGHT15, WEIGHT20, WEIGHT30"

Here is the template I'm using:

PUT /_template/my-logs
{
"template": "my-logs",
"order": 1,
"settings": {
"index": {
"refresh_interval": "5s"
}
},
"mappings": {
"default": {
"_all": {
"norms": false,
"enabled": true
},
"properties": {
"sending-ip": { "type": "ip"},
"receiving-ip": { "type": "ip"}
}
}
}
}

And here is the logstash config in case that helps
input {
beats {
port => "5043"
}
}
filter {
csv {
columns => ["date-time","message-class","unique-message-id","sending-ip","receiving-ip","origin-country","tests-failed"]
}
date {
match => [ "date-time", "MM/dd/yy hh:mm aa" ]
}

}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "my-logs"
}
stdout { codec => rubydebug }
}

2

You should read https://www.elastic.co/guide/en/logstash/current/advanced-pipeline.html#configuring-geoip-plugin .
Elasticsearch's IP datatype can not add any geographic location information.

3

Thanks for the quick reply! I have tried this before with the same error in Elasticsearch; however, I tried it again this morning and noticed I am getting "Invalid IP address or hostname" errors in Logstash. I guess I will make a post over in the Logstash area.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.