Maps not able to read fetch geoip coordinates

saiteja · February 21, 2020, 7:20pm

Hello

i am using grok pattern to get ip from logs for maps it is not able to fetch values my index pattern is not showing in maps.
grok { match => [ "message", "%{IP:clientip} %{USER:ident} %{DATA:auth} \[%{HTTPDATE:timestamp}\] \"(%{WORD:RequestType} %{NOTSPACE:request} (HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)" ] } date { match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] target => "timestamp" } geoip { source => "clientip" target => "geoip" add_field => { "[geoip][coordinates]" => "%{[geoip][longitude]}" } add_field => { "[geoip][coordinates]" => "%{[geoip][latitude]}" } }

do i nee to change anything to view the coordinates for maps in kibana

andreluizpr · February 21, 2020, 7:41pm

Hello saiteja,

I am also experiencing a problem similar to yours. My NGINX logs are sent to Logstash and in Kibana I cannot see the geographical information. I did the following: I configured the filebeat to communicate directly with Elasticsearch on 9200 port, without going through Logstash and with that I was able to see the geographic data in Kibana. I couldn't solve it by Logstash and hopefully a friend here can help us.

Thanks

Andre

system · March 20, 2020, 7:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.