How to convert string to geoip datatype while ingesting data from logstash to elastic search

Swati123 · April 30, 2019, 1:59pm

Hi all,

I have a log field by default as string src_ip = 10.14.114.18 I am able to have it as ip datatype in kibana by running default mappings API.

But for visualization, I need this as geoip datatype so that it can be used in coordinate or region maps

I am ingesting data from logstash to elastic-search.

Can anyone help me on this to get src_ip field as geoip.i had also tried geoip processor as -
geoip {
source => "source_ip"
}
but it doesn't worked out this still as string datatype in kibana.

Badger · April 30, 2019, 3:01pm

geoip { source => "source_ip" }

will write geo information into the field geoip. If you change that to overwrite source_ip using the target option you will have to add a template to your index.

system · May 28, 2019, 3:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.