Source ip is not showing in kibana map

naggappan · June 8, 2018, 1:29pm

I have a a Cloud Trial log and which is sent to logstash -> Elastic search -> Kibana

In logs I have the following field "Records.sourceIPAddress "

Now I tried to visualize the data in Region map and there I have selected

Values as Count
Buckets Shape fields ->
Aggrigation Terms
Fields -> Records.SourceIPAddress.Keywords

Metric: count

When I do play I get the following error in Yello colour in the top.

Same fields If i choose pi or bar chart what IP how many count comes up, but I want the World map region specific map

Error:
"egion map: Could not show 5 results on the map. To avoid this, ensure that each term can be matched to a corresponding shape on that shape's join field. Could not match following terms: "

Joe_Fleming · June 8, 2018, 8:28pm

You can't use the region map that way. You need to enrich your data before you can view it like that. IP addresses need to be converted to geo terms, like IN for India, US for the United States, CN for China, etc. Once you have fields with the correct geo name values, the region map will work. You can use Logstash to enrich your data, adding new geo fields from just the ip address you already have. You might also be able to use the ingest node for that enrichment too.

system · July 6, 2018, 8:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.