Logstash to elasticsearch template to elasticsearch

I have done geoip

geoip
{
database => "C:\GeoLiteCity.dat"
source => "sIP"
target => "srcGeoIP"
}

Tried template

"sourceGeoIP":
{
"type": "object",
"index": "not_analyzed"
}

and

"sourceGeoIP":
{
"type": "geo_point",
"index": "not_analyzed",
"ignore_malformed":true
}

I keep getting the following error

{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [srcGeoIP]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"unknown property [ip]"}}}}, :level=>:warn}←[0m

One of the objective is make it such that it is possible for kibana to use the ip address to draw on its map

It looks like an invalid value in the field, so it cannot map it to a geopoint.

What I suspect is that sub fields in the srcGeoIP has not mapping at the elasticsearch template side

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.