Hi Guys,
I am taking nginx logs with a custom index name, and the logs are being ingested properly; I even see Long/Lat properly, and the country name is absolutely fine. However, when I do a visualization I see that regular error:
"No Compatible Fields: The "new-nginx-*" index pattern does not contain any of the following field types: geo_point"
I even went through the link "https://www.elastic.co/blog/geoip-in-the-elastic-stack" but something is missing. Can someone please help me to troubleshoot?
```
filter {
  grok {
    match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
    overwrite => [ "message" ]
  }
  mutate {
    convert => ["response", "integer"]
    convert => ["bytes", "integer"]
    convert => ["responsetime", "float"]
  }
  geoip {
    source => "clientip"
    target => "geoip"
    add_tag => [ "nginx-geoip" ]
  }
  date {
    match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
    remove_field => [ "timestamp" ]
  }
  useragent {
    source => "agent"
  }
}
```
And guys, here is the output for stdin:
```
{
    "request" => "/global-threat.txt",
    "agent" => "\"v0.61\"",
    "geoip" => {
        "timezone" => "Europe/London",
        "ip" => "149.126.76.81",
        "latitude" => 51.4964,
        "country_name" => "United Kingdom",
        "country_code2" => "GB",
        "continent_code" => "EU",
        "country_code3" => "GB",
        "location" => {
            "lon" => -0.1224,
            "lat" => 51.4964
        },
        "longitude" => -0.1224
    },
    "auth" => "-",
    "ident" => "-",
    "verb" => "GET",
    "message" => "149.126.76.81 - - [31/Aug/2017:11:25:29 +0530] \"GET /global-threat.txt HTTP/1.1\" 200 163312 \"-\" \"v0.61\"",
    "referrer" => "\"-\"",
    "@timestamp" => 2017-09-03T06:21:54.764Z,
    "response" => "200",
    "bytes" => "163312",
    "clientip" => "149.126.76.81",
    "@version" => "1",
    "host" => "0.0.0.0",
    "httpversion" => "1.1",
    "timestamp" => "31/Aug/2017:11:25:29 +0530"
}
```
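
One way to check what the error message reports, as an added example that is not part of the original post: the script walks a `GET new-nginx-*/_mapping` response and separates fields mapped as `geo_point` from objects that only hold numeric `lat`/`lon` subfields. The sample mapping, the index name `new-nginx-2017.09.03` and the type name `logs` are constructed for illustration.

```python
import json

# Constructed sample of a `GET new-nginx-*/_mapping` response in which
# geoip.location was mapped dynamically (index and type names are made up).
SAMPLE_MAPPING = json.loads("""
{"new-nginx-2017.09.03": {"mappings": {"logs": {"properties": {
  "clientip": {"type": "text"},
  "geoip": {"properties": {
    "country_name": {"type": "text"},
    "latitude": {"type": "float"},
    "longitude": {"type": "float"},
    "location": {"properties": {
      "lat": {"type": "float"},
      "lon": {"type": "float"}
    }}
  }}
}}}}}
""")


def walk(props, prefix=""):
    """Yield (dotted_field_name, field_definition) for every mapped field."""
    for name, spec in props.items():
        path = prefix + name
        yield path, spec
        yield from walk(spec.get("properties", {}), path + ".")


def audit(mapping_response):
    """Return (geo_point fields, lat/lon objects that are not geo_point)."""
    geo, suspects = set(), set()
    for index in mapping_response.values():
        mappings = index.get("mappings", {})
        # Typeless mappings hold "properties" directly; older ones nest per type.
        roots = [mappings] if "properties" in mappings else mappings.values()
        for root in roots:
            if not isinstance(root, dict):
                continue
            for path, spec in walk(root.get("properties", {})):
                if spec.get("type") == "geo_point":
                    geo.add(path)
                elif {"lat", "lon"} <= set(spec.get("properties", {})):
                    suspects.add(path)
    return sorted(geo), sorted(suspects)


if __name__ == "__main__":
    geo_fields, lat_lon_objects = audit(SAMPLE_MAPPING)
    print("geo_point fields:", geo_fields)
    print("lat/lon objects not mapped as geo_point:", lat_lon_objects)
```

If `geoip.location` appears in the second list, the index was created without a mapping that declares it as `geo_point`. A field's type cannot be changed in place, so that mapping (for example an index template matching `new-nginx-*`) has to exist before the index is created.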