Side Note: Im using Fliebeat Apache Module and updating the index from filebeat-* to logstash-* (This is working) just wanted to add this info just in case this changes how to proceed
from https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-get-mapping.html
GET /_all/_mapping
output
"geoip": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
}
}
also follow up on the location, does lat or lon need to go first? I saw this post Creating geoip data for internal networks but wanted to confirm
Im not sure what else Im missing to see them be in the map view