Kibana: No Compatible Fields - GEOIP

bternyak · October 21, 2018, 1:16pm

Hey Guys!

I have a problem with geoip.. I've read all the articles in the forum and the web about this theme, but I can't visualize geoip on the map. I write logstash output to the stdin, too and there I can see that geoip makes new fields, and in Kibana I can see, too, just I can't visualize it..
The logstash conf file:

geoip {
    source => "clientIP"
    target => "geoip"
    add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
    add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
    }
    mutate {
                    convert => [ "[geoip][coordinates]", "float"]
            }

}

but I have another version, too:

geoip {
    source => "Source IP"

}

So, I've installed the ingest geoip plugin in Elasticsearch:

If I write to kibana -> console:
GET _template
In the response the originally mapping:
"geoip": {
"dynamic": true,
"properties": {
"ip": {
"type": "ip"
},
"location": {
"type": "geo_point"
},
"latitude": {
"type": "half_float"
},
"longitude": {
"type": "half_float"
}
}
}
}
}
}

I'm not using mapping. Should I? And how?
How should my logstash config look like?
Should I have to do something with the .gz files that is in the ingest-geoip directory?
Please help me! If you have to need more information, I'll send you!

warkolm · October 22, 2018, 7:56am

You don't need the add_field or the mutate.

What does the entire config look like?

system · November 19, 2018, 7:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GeoIP Filter ingest: does not contain field types: geo_point Kibana	9	1863	February 6, 2018
Kibana4: geo_point Kibana	3	728	July 6, 2017
GeoIP data present but cannot be displayed Kibana	10	1631	May 16, 2018
Kibana how to get geo_point working? Kibana	4	1531	July 6, 2017
No Compatible Fields - GeoIP Elasticsearch	4	1946	July 5, 2017

Kibana: No Compatible Fields - GEOIP

Related topics