Hello,
I have parsed the an auth.log via grok and elasticsearch is looking up the IP geo location but the system.auth.ssh.geoip.city_name field is set as string and not geopoint. Is it possible to change it's type somehow?
Regards,
Peter
This is better answered in your other thread - Geo_point is not getting mapped correctly