KIBANA geoip configuration and map

Hi, I'm trying to visualise where the IPs in the Apache logs that I receive come from, but when I click on the map I get the message that I don't have the index pattern. Any idea?

input {
  beats {
    port => 5044
  }
}
filter {
  grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
  geoip { source => "clientip" }
}
output {
  elasticsearch {
    hosts => ["http://192.168.14.82:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}"
  }
}

What version are you on?

If older, like 7.10, did you refresh the index pattern?

Go to Stack Management -> Index pattern and refresh the pattern.

Did you create a mapping with those fields?
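The mapping question above can be checked directly: the Maps documents layer only offers index patterns that contain a field mapped as `geo_point` or `geo_shape`. The following is an added example, not part of the original thread; it walks the JSON body returned by `GET <index>/_mapping`, and the index names and sample mappings in it are constructed.

```python
import json

# Field types that Kibana Maps can plot from documents.
GEO_TYPES = {"geo_point", "geo_shape"}

def geo_fields(properties, prefix=""):
    """Return {dotted.path: type} for every geo field under a mapping's properties."""
    found = {}
    for name, spec in properties.items():
        path = prefix + name
        if spec.get("type") in GEO_TYPES:
            found[path] = spec["type"]
        # Object and nested fields keep their children under "properties".
        if "properties" in spec:
            found.update(geo_fields(spec["properties"], path + "."))
    return found

def check_index_mappings(mapping_response):
    """Take the body of GET <index>/_mapping and report geo fields per index."""
    return {
        index: geo_fields(body.get("mappings", {}).get("properties", {}))
        for index, body in mapping_response.items()
    }

# Constructed sample 1: geoip.location was mapped dynamically, so lat/lon are
# plain floats and the index has no geospatial field.
DYNAMIC = json.loads("""
{"apache-dynamic": {"mappings": {"properties": {
  "clientip": {"type": "keyword"},
  "geoip": {"properties": {
    "country_name": {"type": "keyword"},
    "location": {"properties": {"lat": {"type": "float"},
                                "lon": {"type": "float"}}}}}}}}}
""")

# Constructed sample 2: an explicit mapping declares geoip.location as geo_point.
EXPLICIT = json.loads("""
{"apache-explicit": {"mappings": {"properties": {
  "clientip": {"type": "keyword"},
  "geoip": {"properties": {
    "country_name": {"type": "keyword"},
    "location": {"type": "geo_point"}}}}}}}
""")

if __name__ == "__main__":
    for sample in (DYNAMIC, EXPLICIT):
        for index, fields in check_index_mappings(sample).items():
            print(index, "->", fields or "no geo_point/geo_shape field")
```

An empty result for an index means the mapping has to be corrected, and the data reindexed, before the index pattern shows up in Maps.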

I'm on version 7.9.2. I just refreshed the index, but when I go to Maps -> Add layer -> Point to point and it asks me for the index, it tells me that there is no option available.

If I were you, I would use the Filebeat Apache module directly and skip Logstash; it is not needed (you can use it, but it is not required). The Apache module will do all the parsing, geoip, etc.

I would clean up everything and start over....

Basically, follow these steps but use the Apache module.

Point the Filebeat config directly at Elasticsearch and Kibana.

Once you get that working, try using the "Documents" option on the Map.

If you get all that working, come back and I will show you how to pass it through Logstash if you still want to.

Thank you very much, it is working.
