Help/Advice needed setting up geo-ip filters in an on-prem Logstash to SIEM in Elastic Cloud instance

stephenb · May 27, 2021, 5:26am

I ran for a while with

packetbeat -> logstash -> elasticsearch in elastic cloud

and the data is showing up in the SIEM App

I did notice the map on the Packetbeat dashboard is looking at the map in detail it is looking for client.geo.location

Data source Clusters and grids

Index pattern packetbeat-*

Geospatial field client.geo.location

client.ip which my packetbeat on my mac does not fill but I just when to the map and added destination.geo.location the showed up on the map.

Topic		Replies	Views
How to configure ELK for geoip Elasticsearch	22	1154	December 23, 2021
Need help in sending Geo Ip data from beats through logstash Beats	1	260	July 24, 2020
Mapping ip address to geolocation Elasticsearch	12	6535	September 27, 2019
KIBANA geoip configuration and map Kibana maps	5	1398	May 4, 2022
GeoIP - Elasticsearch Elasticsearch	10	60	July 12, 2024