We currently are using Logstash to export all of our source, destination, and connection data from our network to our cloud, but the map states "Error loading map features" on all end points. All end points collected from the Elastic Agents on various types of laptops and servers have the same issue as well on the network map.
The destination.geo.location and source.geo.location are both pushed with Logstash and shown on the map but display that error message while hovering over.
The snippet of the Logstash pipeline that is parsing the data:
#Public geo locations
filter {
#change geo_point to float for mutation functions
mutate {
convert => {
'[geoip][latitude]' => 'float'
'[geoip][longitude]' => 'float'
}
}
#source at office
if [source.ip] =~ /^[OFFICE PUBLIC IP SCHEME].*$/ {
mutate {
add_field => [ "source.geo.location", "[LATITUDE NUMBER], [LONGITUTE NUMBER]" ]
}
geoip { source => "destination.ip" }
mutate {
add_field => [ "destination.geo.location", "%{[geoip][latitude]}, %{[geoip][longitude]}" ]
}
}
#destination at office
if [destination.ip] =~ /^[OFFICE PUBLIC IP SCHEME].*$/ {
mutate {
add_field => [ "destination.geo.location", "[LAT NUMBER], [LON NUMBER]" ]
}
geoip { source => "source.ip" }
mutate {
add_field => [ "source.geo.location", "%{[geoip][latitude]}, %{[geoip][longitude]}" ]
}
}
}
Is there something such as another field that is needed, or is it something outside of Logstash since the Elastic Agents also have the identical message at all end points? How can we mitigate the issue?
We have come across similar issues for users on Github ( [[Security Solution] "Error loading map features" is displaying when clicking on source countries marked on the map. · Issue #90761 · elastic/kibana · GitHub] ) while searching for answers, but that case is using Packetbeat which we are not currently implementing for other reasons.
Thank you for your time and help.