I am using Elasticsearch version 7.4, and in the network section of the SIEM app I want to enable the map that is present there. I want to enable it through my own index, so I am doing ECS mapping of my index fields,
but when I convert my client_ip to a geoip field using the geoip filter, a field corresponding to geoip gets created. I want my client_ip field to be converted to the 'source.geo.location'
field, since the 'MAP' in the SIEM app gets generated through this field.