In Kibana I try to use the "Point to Point" map, but it doesn't show me anything because I only have two fields, "geoip.location" and "location", and I don't have a destination field to filter on; "geoip.location" only collects data from the origin IP.
Here is the Logstash configuration code:
input {
  file {
    path => "/var/log/snort/alert_fast.txt"
    start_position => "beginning"
  }
}
filter {
  dissect {
    mapping => {
      "message" => '%{timestamp} [%{t1} "%{alert}" [%{extra}{%{proto}} %{ip_ori}:%{port_ori} %{t2} %{ip_dest}:%{port_dest}'
    }
  }
  # Enrich the source IP; an explicit target keeps the two lookups apart.
  geoip {
    source => "ip_ori"
    target => "geoip"
  }
  # The geoip filter has no "destination" option: the field holding the IP to
  # look up is always given with "source", and "target" names where the result
  # is written. Without a distinct target the second lookup would overwrite the first.
  geoip {
    source => "ip_dest"
    target => "geoip_dest"
  }
}
output {
  elasticsearch {
    hosts => "http://localhost:9200"
    index => "logstash-snort3a"
  }
  stdout { codec => rubydebug }
}
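The pipeline above, modelled offline as an added example (this is not the poster's code and not Logstash itself): it turns the same dissect mapping into a parser, runs a geoip-style lookup on both the source and the destination address, and shows the document shape a Kibana point-to-point layer needs, namely one geo_point for each end on the same document. The lookup table, the sample alert lines and the target names `geoip_src` / `geoip_dest` are all constructed for the example; the `_geoip_lookup_failure` tag mirrors what the real filter adds on a miss.

```python
"""Offline model of the Snort -> dissect -> geoip pipeline from the question
(added example, not the original poster's code)."""
import re
from typing import Optional

# The dissect mapping from the question, unchanged.
DISSECT_PATTERN = ('%{timestamp} [%{t1} "%{alert}" [%{extra}{%{proto}} '
                   '%{ip_ori}:%{port_ori} %{t2} %{ip_dest}:%{port_dest}')

# Constructed stand-in for the GeoIP database (RFC 5737 test addresses,
# made-up coordinates). Private ranges are deliberately absent, so a lookup
# on e.g. 10.0.0.5 fails the way a real GeoLite lookup would.
FAKE_GEOIP_DB = {
    "203.0.113.5": {"country_code2": "DE", "location": {"lat": 52.52, "lon": 13.40}},
    "198.51.100.10": {"country_code2": "US", "location": {"lat": 37.77, "lon": -122.42}},
}

# Constructed alert_fast lines in the layout the dissect pattern expects.
SAMPLE_ALERTS = [
    '01/20-10:12:33.123456 [**] [1:1000001:1] "TEST http probe" [**] [Priority: 0] '
    '{TCP} 203.0.113.5:44321 -> 198.51.100.10:80',
    '01/20-10:12:34.000001 [**] [1:1000002:1] "TEST internal" [**] [Priority: 2] '
    '{UDP} 10.0.0.5:5353 -> 198.51.100.10:53',
]


def dissect_to_regex(pattern: str) -> "re.Pattern":
    """Turn a dissect mapping into an anchored regex: literal text is escaped and
    every %{field} becomes a lazy named group that stops at the next literal."""
    parts = re.split(r"%\{(\w+)\}", pattern)  # [literal, name, literal, name, ..., literal]
    regex = "^"
    for i, part in enumerate(parts):
        regex += re.escape(part) if i % 2 == 0 else f"(?P<{part}>.*?)"
    return re.compile(regex + "$")


ALERT_RE = dissect_to_regex(DISSECT_PATTERN)


def parse_alert(line: str) -> Optional[dict]:
    """Return the dissected fields, or None when the line does not fit the pattern."""
    m = ALERT_RE.match(line)
    return m.groupdict() if m else None


def geoip(doc: dict, source: str, target: str) -> dict:
    """Mirror of the Logstash geoip filter's interface: `source` is the field that
    holds the IP, `target` is where the enrichment lands (there is no `destination`
    option). A miss adds the _geoip_lookup_failure tag, as the real filter does."""
    hit = FAKE_GEOIP_DB.get(doc.get(source, ""))
    if hit is None:
        doc.setdefault("tags", []).append("_geoip_lookup_failure")
    else:
        doc[target] = dict(hit)
    return doc


def build_document(line: str) -> Optional[dict]:
    """Parse one alert and enrich both ends into separate targets."""
    doc = parse_alert(line)
    if doc is None:
        return None
    doc = geoip(doc, source="ip_ori", target="geoip_src")
    doc = geoip(doc, source="ip_dest", target="geoip_dest")
    return doc


def point_to_point_ready(doc: dict) -> bool:
    """A point-to-point layer can only draw a line when both ends sit on the same document."""
    return all(f in doc and "location" in doc[f] for f in ("geoip_src", "geoip_dest"))


# Mapping that declares both targets as geo_point. A target that is not mapped
# as geo_point is indexed as plain numbers and never appears as a map field.
INDEX_TEMPLATE = {
    "index_patterns": ["logstash-snort3a*"],
    "template": {"mappings": {"properties": {
        "geoip_src": {"properties": {"location": {"type": "geo_point"}}},
        "geoip_dest": {"properties": {"location": {"type": "geo_point"}}},
    }}},
}


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        d = build_document(line)
        print(point_to_point_ready(d), d["ip_ori"], "->", d["ip_dest"], d.get("tags", []))
```

The second sample line shows the usual reason a point-to-point layer stays empty even when the config is right: a private source address gets no coordinates, so only documents whose both ends resolve can be drawn. Also check the index mapping in Elasticsearch: the legacy Logstash index template declares only `geoip.location` as a geo_point, so any other target (here `geoip_dest.location`) needs a template like `INDEX_TEMPLATE` before Kibana will offer it as a map field.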