Help/Advice needed setting up geo-ip filters in an on-prem Logstash to SIEM in Elastic Cloud instance

stephenb · May 27, 2021, 5:26am

I ran for a while with

packetbeat -> logstash -> elasticsearch in elastic cloud

and the data is showing up in the SIEM App

I did notice the map on the Packetbeat dashboard is looking at the map in detail it is looking for client.geo.location

Data source Clusters and grids

Index pattern packetbeat-*

Geospatial field client.geo.location

client.ip which my packetbeat on my mac does not fill but I just when to the map and added destination.geo.location the showed up on the map.

Topic		Replies	Views
Configuring GeoIP information in Logstash for Kibana SIEM Network Map Logstash	1	284	May 13, 2020
How to setup logstash with geoip Logstash	14	3643	February 21, 2017
Plotting geoIP Data in Kibana Maps via Beats Output to Logstash Logstash maps	4	557	February 11, 2020
How to configure ELK for geoip Elasticsearch	22	1160	December 23, 2021
Complete Example - Adding Private IPs for Internal Networks Logstash	2	452	November 8, 2018