I have Logstash with GeoIP enabled, and even with everything set up correctly it tells me that I don't have the correct index selected for creating a point-to-point map, as you can see:
Code:
input {
  file {
    path => "/var/log/snort/alert_fast.txt"
    start_position => "beginning"   # read the existing file from the start, not only new lines
  }
}
filter {
  # split one alert_fast line into fields; ip_ori is the source address that geoip looks up
  # (closing bracket after %{fd2} balanced to match the other [...] fields; the stray '>' removed)
  dissect {
    mapping => { "message" => '%{ts} [%{trash}] [%{fd1}] "%{alert}" [%{fd2}] %{ip_ori}:%{port_ori} %{fd3} %{ip_dest}:%{port_dest}' }
  }
  geoip { source => "ip_ori" }   # adds the GeoIP lookup fields (including the location) for ip_ori
}
output {
  elasticsearch {
    hosts => "http://10.200.0.29:9200"
    index => "logstash-snort3a"
  }
  stdout { codec => rubydebug }   # echo each event so the parsed fields can be checked
}
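Added example (not part of the post): a small Python emulation of dissect's delimiter matching plus an IP check, run over a constructed Snort alert_fast line, to verify what lands in ip_ori before geoip sees it. It assumes the bracket after fd2 was meant as `]` and that the alert line carries the `{PROTO}` token Snort's fast output includes; in that case the post's pattern leaves `{TCP} ` inside ip_ori, a value geoip cannot resolve, so no location field is ever written and the map has nothing to index.

```python
import ipaddress
import re

# Pattern from the post, with the bracket after fd2 balanced (assumption: "[%{fd2}]").
POST_PATTERN = ('%{ts} [%{trash}] [%{fd1}] "%{alert}" [%{fd2}] '
                '%{ip_ori}:%{port_ori} %{fd3} %{ip_dest}:%{port_dest}')
# Same pattern with a slot for the {PROTO} token of Snort fast alerts (assumption).
PROTO_PATTERN = POST_PATTERN.replace('[%{fd2}] ', '[%{fd2}] {%{proto}} ')

# Constructed sample line in alert_fast style; addresses are documentation ranges.
SAMPLE_LINE = ('09/06-12:30:01.123456 [**] [1:2100498:7] '
               '"GPL ATTACK_RESPONSE id check returned root" [**] {TCP} '
               '203.0.113.10:80 -> 198.51.100.5:51234')

def dissect(pattern, text):
    """Minimal emulation of Logstash dissect (not the real plugin): the literal
    between two %{...} keys delimits the first key's value, and the last key
    takes the rest of the line. Returns None if a delimiter is not found."""
    tokens = re.split(r'(%\{[^}]*\})', pattern)
    lead, keys, delims = tokens[0], tokens[1::2], tokens[2::2]
    if not text.startswith(lead):
        return None
    pos, fields = len(lead), {}
    for key, delim in zip(keys, delims):
        if delim:
            end = text.find(delim, pos)
            if end < 0:
                return None
        else:                      # last key: consume the remainder of the line
            end = len(text)
        name = key[2:-1]
        if name:                   # %{} with an empty name is a skip field
            fields[name] = text[pos:end]
        pos = end + len(delim)
    return fields

def looks_like_ip(fields, key='ip_ori'):
    """True only if the field geoip will read is a bare IP literal. (geoip also
    returns no location for private ranges; that is not checked here.)"""
    try:
        ipaddress.ip_address(fields.get(key, ''))
        return True
    except ValueError:
        return False

if __name__ == '__main__':
    for pat in (POST_PATTERN, PROTO_PATTERN):
        f = dissect(pat, SAMPLE_LINE)
        print(repr(f['ip_ori']), looks_like_ip(f))
```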