Hello,
I am currently using the geoip filter to generate geopoints. However, when it is fed into Elasticsearch, the type for geoip.location is number, which I am assuming is float. I need it to be geo_point in order to visualize it on the map.
This is the filter I am using:

    geoip {
      source => "src_ip"
      add_tag => [ "geoip_success" ]
    }
This is my template:

    {
      "logstash": {
        "order": 0,
        "version": 50001,
        "template": "logstash-*",
        "settings": { "index": { "refresh_interval": "5s" } },
        "mappings": {
          "_default_": {
            "dynamic_templates": [
              {
                "message_field": {
                  "path_match": "message",
                  "mapping": { "norms": false, "type": "text" },
                  "match_mapping_type": "string"
                }
              },
              {
                "string_fields": {
                  "mapping": {
                    "norms": false,
                    "type": "text",
                    "fields": { "keyword": { "type": "keyword" } }
                  },
                  "match_mapping_type": "string",
                  "match": "*"
                }
              }
            ],
            "_all": { "norms": false, "enabled": true },
            "properties": {
              "@timestamp": { "include_in_all": false, "type": "date" },
              "geoip": {
                "dynamic": true,
                "properties": {
                  "ip": { "type": "ip" },
                  "latitude": { "type": "half_float" },
                  "location": { "type": "geo_point" },
                  "longitude": { "type": "half_float" }
                }
              },
              "@version": { "include_in_all": false, "type": "keyword" }
            }
          }
        },
        "aliases": {}
      }
    }
I added the following, but it's still not showing up as geo_point:

    mutate {
      add_field => { "[geoip][location]" => "%{longitude}" }
      add_field => { "[geoip][location]" => "%{latitude}" }
    }
In my mapping, I see this:

    "latitude": {
      "type": "float"
    },
    "location": {
      "type": "float"
    },
    "longitude": {
      "type": "float"
    },
I have deleted both my templates and index multiple times to try to get it to work, but nothing so far.
Help is appreciated.
Thanks