No Compatible Fields. index pattern has no field type geo_point

moshikoy · March 7, 2019, 2:15pm

Hi,
I followed this guide in order to have PFSense logs in ELK
I do see the enrichment is working as expected.
However when trying to create a Geo Heat Map on Kibana
I get the following alert "No Compatible Fields: The "pfsense-*" index pattern does not contain any of the following field types: geo_point"

Can someone help me debug this?

Kibana Version: 6.4.1

Logstash config
if ![geoip] and [src_ip] !~ /^(10.|192.168.|172.16.)/ {
geoip {
add_tag => [ "GeoIP" ]
source => "src_ip"
database => "/etc/logstash/GeoLite2-City.mmdb"
}

Nathan_Reese · March 28, 2019, 3:07pm

This likely because geoip and src_ip are not mapped as geo_point.

To verify, view your index mappings in elasticsearch. What are geoip and src_ip mapped as?

system · April 25, 2019, 3:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
The index pattern logstash1* does not contain any of the following compatible field types: geo_point Logstash	1	327	November 14, 2019
The index pattern does not contain any of the following compatible field types: geo_point Kibana	3	603	August 18, 2019
No Compatible Fields: The "blabla" index pattern does not contain any of the following field types: geo_point Kibana	10	555	October 22, 2019
Geo point issue Kibana	4	590	September 20, 2017
No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point Logstash	3	6564	January 10, 2018

No Compatible Fields. index pattern has no field type geo_point

Related Topics