How to get geo.src and geo.dest fields while creating Sankey Chart

Hi,

Can somebody help me in knowing how to get the geo.src & geo.dest fields in Sankey chart creation? I am trying to parse the Apache logs, but I want to have Source IP + Destination IP to view the traffic, or you can say the Source Country & Destination Country names.

Using "kibana_sample_data_logs" as an index pattern, we are getting these fields. So what if I want to parse my own Apache logs, then why are these fields not showing there? Which fields are required to populate the Sankey chart?

Regards,
Puneet

Hi,

Are you indexing Apache logs into Elasticsearch, have you created an index pattern in Kibana for it, and does the index pattern have geo.src and geo.dest fields?

The Kibana sample data logs have those fields indexed into Elasticsearch. That's why we were able to create the visualization in the Sankey chart.

Also, if you can run Filebeat, it has an Apache module: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-apache.html. It also comes with well-built dashboards.

Thanks.
Bhavya

No, I don't want to use the built-in sample logs for this purpose. I want to use my own Apache logs for creating Sankey charts. I want to know how to get the fields geo.src and geo.dest in the logs after parsing.

Thanks
Puneet T

Hi,

So Kibana cannot insert any fields into documents. You can only do it when you are ingesting documents into Elasticsearch.

Can you check if you have those fields in your data, and have you created the mapping correctly?

Thanks,
Bhavya

Hi,

I only have the source IP in my logs, with the other normal information that an Apache log has. Can you please help me in knowing how to ingest source-destination documents or geo.src & geo.dest fields in the Apache logs?

Regards,
Puneet T
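As an added example (not code from any post in this thread), here is how the ingest-time enrichment Bhavya describes can be done with an Elasticsearch ingest pipeline. It is written as the request body for `POST _ingest/pipeline/_simulate` in Kibana Dev Tools, so it can be tried on one log line before any index or mapping is touched. The grok processor parses the Apache combined log line into fields such as `clientip`, the geoip processor looks that IP up in the bundled GeoLite2 database, and a set processor copies the ISO country code into `geo.src`, the field name the Sankey chart in the sample data uses. The target field name `clientgeo`, the pipeline description and the log line under `docs` are constructed for this example (the client address is a public resolver rather than a documentation-range address, which has no geo record). `geo.dest` is set to a placeholder value because, as Puneet notes, a standard Apache access log only carries the client IP, so there is no destination address to look up; replace it with whatever identifies the server side in your environment.

```json
{
  "pipeline": {
    "description": "Added example, not from the thread: parse Apache combined log line and derive geo.src from the client IP",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": ["%{COMBINEDAPACHELOG}"]
        }
      },
      {
        "geoip": {
          "field": "clientip",
          "target_field": "clientgeo",
          "ignore_missing": true
        }
      },
      {
        "set": {
          "if": "ctx.clientgeo?.country_iso_code != null",
          "field": "geo.src",
          "value": "{{clientgeo.country_iso_code}}"
        }
      },
      {
        "set": {
          "field": "geo.dest",
          "value": "DEST_COUNTRY_PLACEHOLDER"
        }
      },
      {
        "remove": {
          "field": "clientgeo",
          "ignore_missing": true
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "message": "8.8.8.8 - - [10/Oct/2000:13:55:36 -0700] \"GET /index.html HTTP/1.1\" 200 2326 \"http://example.com/\" \"Mozilla/5.0\""
      }
    }
  ]
}
```

When the simulate response shows `geo.src` (here "US") alongside the grok fields, store the `pipeline` object on its own with `PUT _ingest/pipeline/<name>`, map `geo.src` and `geo.dest` as `keyword` in the index template so the Sankey chart can aggregate on them, and index the logs with `?pipeline=<name>` or by setting `index.default_pipeline` on the index. If the geoip processor returns nothing for a line, the `if` condition keeps `geo.src` absent rather than writing an empty template string.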
