Help with ELK and geo_point for Filebeat


(Lee Lilleorg Meilleur) #1

Hi, I have an ELK setup with Filebeat -> Redis -> Logstash -> Elasticsearch using the latest 6.X.

I have scoured the net about the cryptic geo_point type (that won't let me make a coordinate map).

I have my indexes created as "filebeat-*" but am unsure where these are created.

What can I type into the console to apply the geo_point stuff to the filebeat indexes?

Is this being auto-generated in Filebeat (on the client) or at the Logstash point?

Here's my filter:

    filter {
      # nginx access logs: parse the line, then enrich with user agent and GeoIP data
      if [source] =~ "access" {
        grok {
          patterns_dir => ["/etc/logstash/patterns"]
          match => { "message" => "%{NGINX_ACCESS}" }
          overwrite => [ "message" ]
        }
        useragent {
          source => "http_user_agent"
        }
        geoip {
          source => "remote_addr"
          target => "geoip"
        }
      }
      else if [source] =~ "error" {
        grok {
          patterns_dir => ["/etc/logstash/patterns"]
          match => { "message" => "%{NGINX_ACCESS}" }
        }
      }
    }

    output {
      elasticsearch {
        hosts => ["xx.xxx.xxx.xx:9200"]
        # With manage_template => false, Logstash installs no index template
        manage_template => false
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
      }
    }
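
Added example, not part of the original post: because the output above sets `manage_template => false`, nothing maps `geoip.location` (written by the `geoip` filter with `target => "geoip"`) as `geo_point`, so one way to supply the mapping is an index template for `filebeat-*` sent from the Kibana Dev Tools console. The template name `filebeat-geoip` and the mapping type `doc` (the value Filebeat 6.x sends in `[@metadata][type]`) are assumptions.

```console
# Added example. Assumptions: the template name "filebeat-geoip" is arbitrary,
# and "doc" is the mapping type Filebeat 6.x sends in [@metadata][type].
PUT _template/filebeat-geoip
{
  "index_patterns": ["filebeat-*"],
  "order": 1,
  "mappings": {
    "doc": {
      "properties": {
        "geoip": {
          "properties": {
            "location": { "type": "geo_point" }
          }
        }
      }
    }
  }
}

# Confirm the template is stored
GET _template/filebeat-geoip

# Once the next daily index has been created, check the field type
GET filebeat-*/_mapping/field/geoip.location
```

Templates are applied only when an index is created, so existing `filebeat-*` indices keep their current mapping until they are reindexed or roll over to the next day. Refresh the field list of the Kibana index pattern afterwards so the coordinate map sees the new type.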

