Map - Only bucket shape field available

Ragnar · July 29, 2019, 12:44pm

I have an Elastic cluster with Kibana on top (5.6.14).
I just added the filter GeoIp to Logstash and have all the desired data from the original IP I have from the source, indexed to Elastic.

Now I wanted to build a visualization from thoses info to see where those IP come from. Every tutorial I can find, I can see a bucket named "Geo Coordinate - Geo Hash". In my case I only have "Shape field.

Do this version is able to build a map from this kind of data ? Do I have to install a plugin or something ?

Thank !

nickpeihl · July 29, 2019, 5:43pm

The Geo Hash aggregation currently only works with fields mapped as geo_point.

If your field is mapped as a geo_point you can use the Coordinate Map visualization to create Geo Hash visualilzations. https://www.elastic.co/guide/en/kibana/5.6/tilemap.html

Ragnar · August 7, 2019, 8:15am

Hi @nickpeihl,

Thanks for your answer. The filter geoip on Logstash has construct a bunch of new fields but of the type string and number. Nothing as geo_point so not usable as it is on a map. How can I fix that ?

nickpeihl · August 7, 2019, 3:33pm

Hi @Ragnar

You may have to install the GeoIP plugin in Elasticsearch as well. https://www.elastic.co/guide/en/elasticsearch/plugins/5.6/ingest-geoip.html

This blog post might be helpful for you. It goes over the entire configuration for Elasticsearch, Logstash, and Kibana. And there is a troubleshooting section for common issues at the end of the post. https://www.elastic.co/blog/geoip-in-the-elastic-stack

If you still have trouble can you also share your Logstash config?

system · September 4, 2019, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.