Hello everyone,
I am new in ELK community. I have recently discovered ELK and currently going through a massive learning process. I encountered one issue that I cannot resolve. Please help! I am trying to visualize some of the log data by creating a coordinate map in Kibana. I seem to have all the data parsed correctly and all the fields I might need for it, however I keep getting this error message. I am attaching two screenshots. One of them is the message I am getting and another is a sample data points which I am using for my visualization. I am using Kibana version 5.6.1
Hi @Barushka,
Can you check your mappings for your index? GET balboa*/_mapping. I see this similar post that may help: No Compatible Fields: types: geo_point.
Regards,
Liza
Hi @ Liza_Dayoub,
I did and here is what I got. Does it mean I have to create mapping? If so, how can I do it. I have never done it before. 
Hi @Barushka,
Yes looks like a mapping does not exist. Can you try something like:
PUT blabla
{
"mappings": {
"_doc": {
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
@LizaD
I did and here is what I am getting
Please execute
GET rigcloud_access_log_event
That will get us the details about the index, including its mapping.
Thanks!
Ben
@BenTrent
Here is what I got
@Barushka, please copy and paste the full response. So far it looks like there are no geo_point mapped fields anywhere in that index.
Here is more. I cannot post all of it. It is too long and this website does not allow me to do so.
{
"rigcloud_access_log_event": {
"aliases": {},
"mappings": {
"rigcloudAccessEvent": {
"properties": {
"1": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"${phpinfo()}": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"%27": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"+BCSI-CS-495d0fc3e5d751d7": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"+_sm_au": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"+_sm_au_c": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"+_sm_au_d": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"+token": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"+undefined-smartbanner-closed": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"+user": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
If that index has no geo_point fields, does the index pattern from which you are trying to build the visualization include this index? If there are no geo_point fields, that is your problem.
Here are some docs on index patterns: https://www.elastic.co/guide/en/kibana/current/tutorial-define-index.html
If the index DOES have geo_point fields, and they are mapped as such (i.e. "type": "geo_point"), then you need to reload your index pattern so that it can recognize the field mapping.
See: https://www.elastic.co/guide/en/kibana/current/index-patterns.html Near the bottom explains reloading. The little "refresh" looking button between the star and delete buttons should reload the pattern given the selected indices and their field capabilities.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.