No Compatible Fields. index pattern has no field type geo_point

moshikoy · March 7, 2019, 2:15pm

Hi,
I followed this guide in order to have PFSense logs in ELK
I do see the enrichment is working as expected.
However when trying to create a Geo Heat Map on Kibana
I get the following alert "No Compatible Fields: The "pfsense-*" index pattern does not contain any of the following field types: geo_point"

Can someone help me debug this?

Kibana Version: 6.4.1

Logstash config
if ![geoip] and [src_ip] !~ /^(10.|192.168.|172.16.)/ {
geoip {
add_tag => [ "GeoIP" ]
source => "src_ip"
database => "/etc/logstash/GeoLite2-City.mmdb"
}

Nathan_Reese · March 28, 2019, 3:07pm

This likely because geoip and src_ip are not mapped as geo_point.

To verify, view your index mappings in elasticsearch. What are geoip and src_ip mapped as?

system · April 25, 2019, 3:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.