Not able to create tilemap


(Aadarsh Kumayan) #1

Hey, I have loaded a JSON template to store geo location, but the geo coordinates show the following error:

No Compatible Fields: The "filebeat-*" index pattern does not contain any of the following field types: geo_point

My JSON template:

```
{
  "mappings": {
    "_default_": {
      "_all": {
        "enabled": true,
        "norms": {
          "enabled": false
        }
      },
      "dynamic_templates": [
        {
          "template1": {
            "mapping": {
              "doc_values": true,
              "ignore_above": 1024,
              "index": "not_analyzed",
              "type": "{dynamic_type}"
            },
            "match": "*"
          }
        }
      ],
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "message": {
          "type": "string",
          "index": "analyzed"
        },
        "offset": {
          "type": "long",
          "doc_values": "true"
        },
        "geoip": {
          "type": "object",
          "dynamic": true,
          "properties": {
            "location": { "type": "geo_point" }
          }
        }
      }
    }
  },
  "settings": {
    "index.refresh_interval": "5s"
  },
  "template": "filebeat-*"
}
```

Filebeat index search output:

geoip.continent_code	  	  EU
geoip.coordinates	  	  2.3386999999999887, 48.85820000000001
geoip.country_code2	  	  FR
geoip.country_code3	  	  FRA
geoip.country_name	  	  France
geoip.country_name	  	  France
geoip.ip	  	  21.44.34.66
geoip.latitude	  	  48.85820000000001
geoip.location	  	  2.3386999999999887, 48.85820000000001
geoip.longitude	  	  2.3386999999999887
geoip.timezone	  	  Europe/Paris
host	  	  client1.product

(Thomas Neirynck) #2

Hi @AadarshKumayan,

Kibana only supports geo_point fields. Can you verify you're indexing them correctly? cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/geo-point.html

Your mapping should show something like:

```
...
fieldName: {
  "type": "geo_point"
}
...
```

The geoip field is not supported by Kibana. I would create an enhancement request for this in the Kibana repo: https://github.com/elastic/kibana/issues/new
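
One way to carry out the verification asked for above, as an added example that is not part of the original thread: walk the parsed body of `GET filebeat-*/_mapping` and report the type each index actually assigns to `geoip.location`. The sample response, its index names and the helper names are constructed for illustration, and the layout (index, then `mappings`, then mapping type, then `properties`) is an assumption matching the Elasticsearch generation the posted template targets.

```python
# Constructed sample of a `GET filebeat-*/_mapping` response body (not real output).
# Assumed layout: index -> "mappings" -> mapping type -> "properties".
SAMPLE_RESPONSE = {
    "filebeat-2016.01.01": {"mappings": {"nginx-access": {"properties": {
        "clientip": {"type": "string"},
        "geoip": {"properties": {
            "latitude": {"type": "double"},
            "location": {"type": "double"},   # not a geo_point in this index
        }},
    }}}},
    "filebeat-2016.01.02": {"mappings": {"nginx-access": {"properties": {
        "geoip": {"dynamic": "true", "properties": {
            "location": {"type": "geo_point"},
        }},
    }}}},
}


def walk(properties, prefix=""):
    """Yield (dotted_path, type) for each leaf field, descending into objects."""
    for name, spec in properties.items():
        if "properties" in spec:  # object field such as geoip: recurse
            yield from walk(spec["properties"], prefix + name + ".")
        else:
            yield prefix + name, spec.get("type")


def field_types(response, field):
    """Return {(index, mapping_type): type} for `field`; None where it is unmapped."""
    found = {}
    for index, body in response.items():
        for doc_type, mapping in body.get("mappings", {}).items():
            leaves = dict(walk(mapping.get("properties", {})))
            found[(index, doc_type)] = leaves.get(field)
    return found


def indices_missing_geo_point(response, field="geoip.location"):
    """Indices where `field` is absent or mapped as anything other than geo_point."""
    types = field_types(response, field)
    return sorted({index for (index, _), t in types.items() if t != "geo_point"})


if __name__ == "__main__":
    for key, t in sorted(field_types(SAMPLE_RESPONSE, "geoip.location").items()):
        print(key, "->", t)
    print("not geo_point in:", indices_missing_geo_point(SAMPLE_RESPONSE))
```

To check a live cluster, pass the parsed JSON body of the mapping request in place of `SAMPLE_RESPONSE`.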

(Aadarsh Kumayan) #3

Still not working.
My Logstash filter:

```
filter {
  if [type] == "nginx-access" {
    grok {
      match => { "message" => "%{NGINXACCESS}" }
    }
    geoip {
      source => "clientip"
      target => "geoip"
      database => "/etc/logstash/GeoLiteCity.dat"
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
    }
    mutate {
      convert => [ "[geoip][coordinates]", "float"]
    }
  }
}
```

(Aadarsh Kumayan) #4

Can anybody help?
I am completely lost here.

How to create a mapping for geo_point and then how to configure my filter?

