No geo_point fields logstash 6

This is the structure you need:

mappings
  name-of-document-type
    properties
      geoip
        properties
          clientip
          ...

You currently have:

mappings
  geoip
    properties
      clientip
      ...

Can that 'name-of-document-type' be any arbitrary name I choose or is it specific?

It should match the type of your documents, but that can basically be any string.

Eeh, it still didn't work with this:

PUT _template/apache-template
{
"index_patterns" : ["apache*"],
"doc" : {
"geoip" : {
"dynamic": true,
"properties" : {
"clientip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
}

Here is a full record.

{
"_index": "apache-access_2018.01.31",
"_type": "doc",
"_id": "4vVETmEB3Wi_gLjvSceJ",
"_version": 1,
"_score": null,
"_source": {
"geoip": {
"ip": "177.37.134.130",
"longitude": -39.3346,
"coordinates": [
-39.3346,
-5.1342
],
"region_name": "Ceara",
"city_name": "Quixeramobim",
"country_code2": "BR",
"latitude": -5.1342,
"location": {
"lon": -39.3346,
"lat": -5.1342
},
"timezone": "America/Fortaleza",
"region_code": "CE",
"country_code3": "BR",
"postal_code": "63800",
"country_name": "Brazil",
"continent_code": "SA"
},
"agent": ""-"",
"virtualhost": "exampledomain.com",
"source": "/var/log/httpd/access_log",
"request": "/index.php",
"message": "177.37.134.130 - - [31/Jan/2018:22:09:08 +0000] exampledomain.com "GET /index.php HTTP/1.1" 301 260 "-" "-" Server=aws7 "-" 191 0",
"apache-access": true,
"@timestamp": "2018-01-31T22:09:08.000Z",
"host": "aws7.hostdomain.net",
"bytes": 260,
"referrer": ""-"",
"clientip": "177.37.134.130",
"offset": 17617570,
"tags": [
"beats_input_codec_plain_applied"
],
"response": "301",
"server": "aws7",
"timestamp": "31/Jan/2018:22:09:08 +0000",
"httpversion": "1.1",
"user_agent": {
"device": "Other",
"build": "",
"name": "Other",
"os": "Other",
"os_name": "Other"
},
"logline": "177.37.134.130 - - [31/Jan/2018:22:09:08 +0000] exampledomain.com "GET /index.php HTTP/1.1" 301 260 "-" "-" Server=aws7 "-" 191 0",
"verb": "GET",
"@version": "1",
"request_duration_ms": 191,
"request_duration_s": 0,
"beat": {
"name": "aws7.hostdomain.net",
"version": "6.1.2",
"hostname": "aws7.hostdomain.net"
}
},
"fields": {
"@timestamp": [
"2018-01-31T22:09:08.000Z"
]
},
"highlight": {
"logline": [
"177.37.134.130 - - [31/Jan/2018:22:09:08 +0000] @kibana-highlighted-field@exampledomain.com@/kibana-highlighted-field@ "GET /index.php HTTP/1.1" 301 260 "-" "-" Server=aws7 "-" 191 0"
],
"message": [
"177.37.134.130 - - [31/Jan/2018:22:09:08 +0000] @kibana-highlighted-field@exampledomain.com@/kibana-highlighted-field@ "GET /index.php HTTP/1.1" 301 260 "-" "-" Server=aws7 "-" 191 0"
],
"virtualhost.keyword": [
"@kibana-highlighted-field@exampledomain.com@/kibana-highlighted-field@"
],
"virtualhost": [
"@kibana-highlighted-field@exampledomain.com@/kibana-highlighted-field@"
]
},
"sort": [
1517436548000
]
}

This is the structure you need:

mappings
  name-of-document-type
    properties
      geoip
        properties
          clientip
          ...

You currently have:

name-of-document-type
  geoip
    properties
      clientip

Still trying, thanks for sticking with me. This didn't work; I'm still getting the same error in the Kibana map visualization.

PUT _template/apache-template
{
"index_patterns" : ["apache*"],
"doc" : {
"properties" : {
"geoip" : {
"dynamic": true,
"properties" : {
"clientip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
}
}

{
"mappings": {
	"doc": {
		"properties": {
			"geoip": {
				"properties": {
					"clientId": { "type": "ip" },
					"location": { type: "geo_point" }
				}
			}
		}
	}
}

}

Bingo, we have a winner! Nesting the document type under a top-level "mappings" key is what fixed it:

PUT _template/apache-template
{
"index_patterns" : ["apache*"],
"mappings": {
"doc": {
"properties": {
"geoip": {
"properties": {
"clientId": { "type": "ip" },
"location": { "type": "geo_point" }
}
}
}
}
}
}
