Hi all, I have ingested some log data with Logstash and applied the geoip filter, and the geoip fields are populating. However, when I try to create a map visualisation, the index with the data is not available.
What am I missing here?
Have you checked if your index mapping has the geo_point type where your coordinates are stored? You need to specify the type manually in your index mapping; otherwise the data is inserted as a different type. Logstash won't do that for you.
Hi @jsanz, I created my index before ingestion with the following code:
PUT /bitvise-geo
{
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "properties": {
      "geoip.location": { "type": "geo_point" }
    }
  }
}
However, I don't seem to have a geoip.location field in the output, only these:
geoip.location.lat
geoip.location.lon
geoip.longitude
geoip.latitude
Objects are one of the supported types for geo_point. There are plenty of posts on this topic here at discuss; I've found this one where a colleague suggests refreshing the index pattern in Kibana.
What do you see on your index pattern?
Another thing to try is to do a simple geospatial query against your index to confirm your data is stored as geometries, for example:
GET bitvise-geo/_search
{
  "query": {
    "bool": {
      "must": [ { "match_all": {} } ],
      "filter": {
        "geo_bounding_box": {
          "geoip.location": {
            "top_left": { "lat": 90, "lon": -120 },
            "bottom_right": { "lat": -90, "lon": 120 }
          }
        }
      }
    }
  }
}
I ended up having to re-create the index pattern but at least it's working now.
Thanks for your help!
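Added example, not part of the original thread: a small Python check for the mapping question raised above. It resolves a dotted field name such as geoip.location inside a GET <index>/_mapping response and reports whether it is mapped as geo_point or was dynamically mapped as an object with numeric lat/lon sub-fields. Both responses below are constructed samples, and the index name some-other-index and the helper names are assumptions for illustration.

```python
import json

# Constructed sample: shape of a GET /bitvise-geo/_mapping response when the
# explicit geo_point mapping from the thread is in effect.
GOOD = json.loads("""
{"bitvise-geo": {"mappings": {"properties": {
  "geoip": {"properties": {
    "location": {"type": "geo_point"},
    "latitude": {"type": "float"},
    "longitude": {"type": "float"}}}}}}}
""")

# Constructed sample: the same field after dynamic mapping, where location
# became an object with numeric lat/lon sub-fields.
DYNAMIC = json.loads("""
{"some-other-index": {"mappings": {"properties": {
  "geoip": {"properties": {
    "location": {"properties": {
      "lat": {"type": "float"},
      "lon": {"type": "float"}}}}}}}}}
""")


def field_type(mapping_response, index, dotted_path):
    """Return the mapped type of dotted_path, 'object' for a parent of
    sub-fields, or None if the field is not mapped in that index."""
    node = mapping_response[index]["mappings"]
    for part in dotted_path.split("."):
        # Dotted names in a mapping are stored as nested "properties".
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    # Object fields carry "properties" and usually omit "type".
    return node.get("type", "object" if "properties" in node else None)


def map_ready(mapping_response, index, dotted_path="geoip.location"):
    """True only when the field is mapped as geo_point."""
    return field_type(mapping_response, index, dotted_path) == "geo_point"


if __name__ == "__main__":
    for name, resp in (("bitvise-geo", GOOD), ("some-other-index", DYNAMIC)):
        print(name, field_type(resp, name, "geoip.location"),
              "map-ready" if map_ready(resp, name) else "not map-ready")
```

If the mapping check passes and the field is still missing in Kibana, the remaining suspect is the index pattern's cached field list, which is what the thread ended up refreshing.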