Relatively new user to ES and Kibana, latest versions. I can't resolve how to configure things so that Kibana can map geopoints. We're using the ingest-geoip processor and know how to make that take an ip address field and then create new geo fields. But when we do that we get an error from Kibana saying no field is of type geoint. So I've used the following mapping:
PUT geoiptest9
{
"mappings": {
"conn": {
"_all": { "enabled": false },
"properties": {
"ts": { "type": "date", "format": "epoch_second" },
"uid": { "type": "keyword" },
"ip": { "type": "ip" },
"geoip9": { "type": "geo_point" }
}
}
}
}
and then this directive to configure the processor:
PUT _ingest/pipeline/geoip9
{
"description" : "Add geoip info",
"processors" : [
{
"geoip" : {
"field" : "ip",
"target_field" : "geoip9"
}
}
]
}
and then when I index some data:
PUT geoiptest9/conn/my_id9?pipeline=geoip9
{
"ip": "108.48.202.104",
"ts": "1501195171"
}
we get this error:
{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "field must be either [lat], [lon] or [geohash]"
}
],
"type": "mapper_parsing_exception",
"reason": "failed to parse",
"caused_by": {
"type": "parse_exception",
"reason": "field must be either [lat], [lon] or [geohash]"
}
},
"status": 400
}
My best guess of the problem is that perhaps there is a discrepancy between the naming/nesting of a geo field expected by Kibana, and that of the geo field created by the ingest-geoip processor.
Thanks!