Unindexed geo_point field. What am I missing?

blueren · September 17, 2021, 12:31pm

I have an elastic db which takes in netflow data and enriches them. I have two fields that are defined as below, in the template. (can verify that the template exists from Kibana > index management > mappings)

"dstGeoLocation": {
        "type": "geo_point"
      },
"srcGeoLocation": {
        "type": "geo_point"
},

The field gets populated with a default 0.0, 0.0 co-ordinate if the geo resolution does not happen.
I'm able to see the field in kibana as below:

The JSON equivalent being:

    "srcGeoLocation": [
      {
        "coordinates": [
          0,
          0
        ],
        "type": "Point"
      }
    ],

However, Kibana complains that this field is un-indexed:

What am I missing here? How do I get this searchable / filterable?

warkolm · September 20, 2021, 4:44am

Can you try doing a refresh on the index pattern and see if that changes anything?

blueren · September 22, 2021, 7:13am

Mark,

How do I refresh the Kibana index? I remember there was a dedicated refresh button for kibana index pattern. However on 7.x+ it seems to be missing. I read somewhere it was removed.

warkolm · September 23, 2021, 12:13am

Yeah it was removed in favour of auto-refresh in newer releases, so don 't worry if it's not there.

And just to confirm, the field is definitely mapped as a geopoint?

system · October 21, 2021, 12:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.