nope, still didn't solve it. trying your suggestion creates a new field called "geo_point" with the value of coordinates as a string :
if "src_internal_ip" in [tags] {
translate {
exact => true
regex => true
field => "[source][ip]"
destination => "geo_point"
dictionary_path => "./geo.yml"
}
}
output :
"geo_point" => "{\"geoip\":{\"timezone\":\"Asia/Jakarta\",\"continent_code\":\"NA\",\"country_name\":\"Indonesia\",\"region_code\":\"JK\",\"country_code2\":\"ID\",\"country_code3\":\"ID\",\"region_name\":\"Jakarta\",\"city_name\":\"Jakarta\",\"latitude\":-6.196459,\"longitude\":106.822451,\"location\":{\"lat\":-6.196459,\"lon\":106.822451}}}",
"fw_rule_id" => "0",