Unable to visualize data on map

Hello,
just installed last version of ELK and have issue visualizing geo data on map.
My logstash.conf:

                            geoip {
                                    source => "src_ip"
                                    target => "src_ip_geoip"
                                    database =>"/usr/share/GeoIP/GeoLiteCity.dat"
                                    add_field => [ "[src_ip_geoip][coordinates]", "%{[src_ip_geoip][longitude]}" ]
                                    add_field => [ "[src_ip_geoip][coordinates]", "%{[src_ip_geoip][latitude]}"  ]
                                    }
                            geoip {
                                    source => "src_ip"
                                    target => "src_ip_geoip"
                                    database =>"/usr/share/GeoIP/GeoIPASNum.dat"
                                     }
                            geoip {
                                    source => "dst_ip"
                                    target => "dst_ip_geoip"
                                    database =>"/usr/share/GeoIP/GeoLiteCity.dat"
                                    add_field => [ "[dst_ip_geoip][coordinates]", "%{[dst_ip_geoip][longitude]}" ]
                                    add_field => [ "[dst_ip_geoip][coordinates]", "%{[dst_ip_geoip][latitude]}"  ]
                                     }
                            geoip {
                                    source => "dst_ip"
                                    target => "dst_ip_geoip"
                                    database =>"/usr/share/GeoIP/GeoIPASNum.dat"
                                     }
            mutate {
                                            convert => [ "[src_ip_geoip][coordinates]", "float" ]
                                            convert => [ "[dst_ip_geoip][coordinates]", "float" ]
                    }

output {
elasticsearch {
hosts => ["127.0.0.1:9200"]
sniffing => false
manage_template => false
}
}

the elasticsearch template:

curl -XGET 'http://127.0.0.1:9200/_template/filebeat?pretty'
{
"filebeat" : {
"order" : 0,
"template" : "filebeat-",
"settings" : {
"index" : {
"refresh_interval" : "5s"
}
},
"mappings" : {
"default" : {
"dynamic_templates" : [ {
"template1" : {
"mapping" : {
"ignore_above" : 1024,
"index" : "not_analyzed",
"type" : "{dynamic_type}",
"doc_values" : true
},
"match" : ""
}
} ],
"_all" : {
"norms" : {
"enabled" : false
},
"enabled" : true
},
"properties" : {
"dst_ip_geoip" : {
"dynamic" : true,
"type" : "object",
"properties" : {
"location" : {
"type" : "geo_point"
}
}
},
"@timestamp" : {
"type" : "date"
},
"offset" : {
"type" : "long",
"doc_values" : "true"
},
"src_ip_geoip" : {
"dynamic" : true,
"type" : "object",
"properties" : {
"location" : {
"type" : "geo_point"
}
}
},
"message" : {
"index" : "analyzed",
"type" : "string"
}
}
}
},
"aliases" : { }
}
}

In Kibana I see the data, like
dst_ip_geoip.location 13.133300000000008, 31.23330000000001
but are not shown on map.
Under settings -> indices i have that fileld as string type and not geo_point and don't know how to change.

Do you have any idea?
Many thanks in advance.

You need a template in place that defines this before you send the data to ES.
Thus you cannot change it, you need to reindex the data.

Can you please suggest me how to do it?

Il 20.03.2016 01:01 Mark
Walkom ha scritto:

warkolm [1] Mark Walkom [2]
March 19

garanews:

Under settings -> indices i have that fileld as string
type and not geo_point and don't know how to change.

You need a
template in place that defines this before you send the data to ES.

Thus you cannot change it, you need to reindex the data.

Visit Topic [3] or reply to this email to
respond

To stop receiving notifications for this particular topic,
click here [4]. To unsubscribe from these emails, change your user
preferences [5]

Connetti gratis il mondo con la nuova indoona: hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo.
E chiami gratis anche i numeri fissi e mobili nel mondo!
Scarica subito l’app Vai su https://www.indoona.com/