Logstash GeoIP Kibana point-to-point maps problems

Michael_Dylan_McAloo · June 23, 2021, 11:32am

I have Logstash with Geoip enabled and even having everything correctly it tells me that I don't have the correct index selected for the creation of map Point to point, as you can see:

Code:

input {
    file {
        path => "/var/log/snort/alert_fast.txt"
        start_position => "beginning"
    }
}

filter {
  dissect { mapping => { "message" => '%{ts} [%{trash}] [%{fd1}] "%{alert}" [%{fd2}} %{ip_ori}:%{port_ori} %{fd3} %{ip_dest}:%{port_dest}' }>
  geoip { source => "ip_ori" }
}

output {
    elasticsearch {
        hosts => "http://10.200.0.29:9200"
        index => "logstash-snort3a"
    }
    stdout { codec => rubydebug }
}

system · July 21, 2021, 11:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash with Point to Point Logstash	1	215	July 23, 2021
Logstash problems with fields (Point to Point) Logstash	3	249	July 29, 2021
Unable to select correct Index in map visualisation Kibana maps	5	748	May 15, 2020
Geoip filter in logstash with Index Template not creating geo_point object as expected Kibana	6	1216	November 19, 2021
Create point to point map from Logstash pipeline Kibana	13	799	February 24, 2021

Logstash GeoIP Kibana point-to-point maps problems

Related Topics