Unable to create Region Map Visualization

Elastic Stack Kibana
1

Hi all,

I am trying to create a Region Map visualization on Kibana using the IP addresses present in the log. I downloaded a sample of apache access log from the following link Apache access log

I was able to successfully ingest the file's log data into Logstash and parse the log data into Elasticsearch. These are the fields in the index pattern created.

Screenshot%20(4)
Screenshot (4).png1920×914 56 KB

The json response of the same looks like this after executing the query GET logstash-2018.07.07/_mapping

{
  "logstash-2018.07.07": {
    "mappings": {
      "doc": {
        "dynamic_templates": [
          {
            "message_field": {
              "path_match": "message",
              "match_mapping_type": "string",
              "mapping": {
                "norms": false,
                "type": "text"
              }
            }
          },
          {
            "string_fields": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "fields": {
                  "keyword": {
                    "ignore_above": 256,
                    "type": "keyword"
                  }
                },
                "norms": false,
                "type": "text"
              }
            }
          }
        ],
        "properties": {
          "@timestamp": {
            "type": "date"
          },
          "@version": {
            "type": "keyword"
          },
          "geoip": {
            "dynamic": "true",
            "properties": {
              "ip": {
                "type": "ip"
              },
              "latitude": {
                "type": "half_float"
              },
              "location": {
                "type": "geo_point"
              },
              "longitude": {
                "type": "half_float"
              }
            }
          },
          "host": {
            "type": "text",
            "norms": false,
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "message": {
            "type": "text",
            "norms": false
          },
          "path": {
            "type": "text",
            "norms": false,
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          }
        }
      },
      "_default_": {
        "dynamic_templates": [
          {
            "message_field": {
              "path_match": "message",
              "match_mapping_type": "string",
              "mapping": {
                "norms": false,
                "type": "text"
              }
            }
          },
          {
            "string_fields": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "fields": {
                  "keyword": {
                    "ignore_above": 256,
                    "type": "keyword"
                  }
                },
                "norms": false,
                "type": "text"
              }
            }
          }
        ],
        "properties": {
          "@timestamp": {
            "type": "date"
          },
          "@version": {
            "type": "keyword"
          },
          "geoip": {
            "dynamic": "true",
            "properties": {
              "ip": {
                "type": "ip"
              },
              "latitude": {
                "type": "half_float"
              },
              "location": {
                "type": "geo_point"
              },
              "longitude": {
                "type": "half_float"
              }
            }
          }
        }
      }
    }
  }
}

I want to create a Region Map using the IP addresses to show the corresponding locations on the map. I tried doing, but I am unable to create any visualization. It only shows a blank map.

I've been trying very hard to create a map visualization. Can someone please help me out?

2

Do you have the right time period selected (to right) to make sure data will be visible?

3

Yes, I did. It is still doesn't show up. Do I have to install additional plugins or change the configuration of logstash for GeoIP?

4

Can you see the documents in Discover?

5

I followed this tutorial GeoIP

However, I did not use Filebeat as I am directly ingesting apache files into logstash. Is the below configuration right?

input {
  file {
    path => "E:\elk\logstash\apache_logs"
    start_position => "beginning"
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  geoip {
      source => "clientip"
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}

What should my clientip be?

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.