Tile map not plotting location

Elastic Stack Logstash
1

Hi There, I am not sure if it's a logstash, elasticsearch or kibana question..but if you could help me out with this..i would greatly appreciate it.

I am having trouble displaying locations in the map.
I am using Kibana 4.5.4
Logstash 2.3.4
Elasticsearch 2.3.5

My mapping for geofield looks like the following in ES:

 {
      "geo_point_fields" : {
        "mapping" : {
          "type" : "geo_point",
          "doc_values" : true
        },
        "match" : "*",
        "match_mapping_type" : "geo_point"
      }
    } ],

I do have a field geo.location with the type geo.point when I check mapping...however, when i go to tile map visualition, choose geohash as the aggregation and geoip.location as the field...nothing shows up on the visualition...it simply says "No results found"

I have IP addresses in my logs and I simply want to convert them onto LAT and LONG to be able to plot in Tile Map. And I believe it's converting to that..just not plotting it..

I can't figure out why it's doing this.

2

Providing your config would be useful.

3

I have 2 different config files on 2 different servers.. One is forwarding the logs and one is indexing the logs to be fed into ES.. and I am using redis as the messeging queue..

Below is the logstash forwarder

input {
file {
path => [ "/logs/iot_report.log" ]
type => "iot_reportlog"
start_position => "beginning"
sincedb_path => "/dev/null"
ignore_older => 0
}
file {
path => [ "/logs/iot_access.log" ]
type => "iot_accesslog"
start_position => "beginning"
sincedb_path => "/dev/null"
ignore_older => 0
}
}

filter {
if [type] == "iot_reportlog" {
grok {
# match => [ "message", "%{TIMESTAMP_ISO8601:todaysdate} %{SECOND:seconds}%{NOTSPACE}%{WORD:Username}%{NOTSPACE}%{WORD:Vendorname}%{NOTSPACE}%{BASE16N#UM:bytes}" ]
match => [ "message", "%{TIMESTAMP_ISO8601:todaysdate}%{NOTSPACE}%{WORD:Username}%{NOTSPACE:Vendorname}%{NOTSPACE}%{BASE16NUM:bytes}"]
}

date {
    locale => "en"
    match => [ "todaysdate", "YYYY-MM-dd HH:mmss" ]
    remove_field => ["todaysdate"]
}

}

if [type] == "iot_accesslog" {
grok {
# match => [ "message", "%{NOTSPACE:TIME}%{BASE10NUM}%{SPACE}%{WORD}%{SPACE}%{NOTSPACE} %{NOTSPACE} %{NOTSPACE:queueNum} %{NOTSPACE} %{NOTSPACE} %{NOT#SPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} |%{NOTSPACE:Username}|%{NOTSPACE:VendorName}|%{NOTSPACE:url}" ]
match => [ "message", "%{NOTSPACE:TIME}%{BASE10NUM}%{SPACE}%{WORD}%{SPACE}%{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE} |%{NOTSPACE:Username}|%{NOTSPACE:VendorName}|%{NOTSPACE:url}%{IP:clientip}" ]
}

geoip {
source => "clientip"
target => "geoip"
database => "/etc/logstash/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float"]
}
}
}

output {
stdout { codec => rubydebug }
redis { host => "44.98.33.111" data_type => "list" key => "iot2" }
}

Below is the logstash indexer

input {
file {
type => "iot_reportlog"
path => [ "/logs/iot_report.log" ]
sincedb_path => "/dev/null"
start_position => "beginning"
}

file {
type => "iot_accesslog"
path => [ "/logs/iot_access.log" ]
sincedb_path => "/dev/null"
start_position => "beginning"
}

redis {
host => "44.98.33.111"
data_type => "list"
key => "iot2"
codec => json
}
}

output {
elasticsearch { hosts => ["44.98.33.111"]
index => "logstash-%{+YYYY.MM.dd}"

index => "iotlogs"

}
stdout { codec => rubydebug }
}

My log file looks like the following:

00:00:01,194 INFO [ACTIVE] ExecuteThread: '46' for queue: 'weblogic.kernel.Default (self-tuning)' access:14 - |farsali|getServiceAgreement|https://20.198.199.56:443/service/soap/v1/ProductManagement

This is what I see when I try to visualize Tile Map with the logs in Kibana:

1282×605 16.4 KB

4

Please help with this!!