Visualize Map Problems

Elastic Stack Kibana
1

Winlogbeat-* index has geoip.location as number
Using the guide https://www.elastic.co/blog/monitoring-windows-logons-with-winlogbeat
geoip.location was empty when examining event logs 4624.
After following the instructions in the guide geoip.location was populated with information, but geo_point was not referenced to geoip.location

filebeat-* index has geoip.location as geo_point but the map will not displat any geo_points - just a map with a red dot.
Used the guide https://www.elastic.co/blog/geoip-in-the-elastic-stack to setup filebeat.
My map:

<img src="/

Thanks

2

RedDot_2017-06-01_08-14-42.png800×600 153 KB

3

Regarding the Winlogbeat problem:

I'm afraid I can't follow you there. geo_point is the data type used for the geoip.location field in the blog post you linked. Could you maybe rephrase the problem statement?

As for the Filebeat problem: Have you made certain that there are documents that are within the time interval selected in the time picker (if your index is configured as a time-based index)? Using the small upwards-pointing arrow in the lower left corner of the map you can show the raw data underlying the visualization as well details about the request, which might help your while debugging.

4

I can understand why you can't follow me, becaust I don't know what I am doing. I have been reading a lot, but most of what I am reading doesn't make much sense. So I will try to explain better.
I used the guide GeoIP in the Elastic Stack - Elasticsearch, Logstash, Ingest API | Elastic Blog to setup filebeat.
Firts part of my map.

800×600 96.1 KB

I don't know if geo_point is properly referenced.

The second part of the map:

800×600 135 KB

A map with no points.

The third part of the map:

800×600 81.1 KB

I clicked on the down arrow, but I don't know what the 80 count means.

The Request screenshot:

800×600 90.4 KB

The Response screenshot:

800×600 88.9 KB

The Statistics screenshot:

800×600 79.5 KB

Geoip.location:

800×600 103 KB

Log info:

800×600 119 KB

Does this help? If not, what info do you need & how may I collect it?
Thanks

5

Did you click the :arrow_forward: button at the top to apply the geo hash aggregation? The request and response show no indication that a geohash aggregation has been applied.

6

Thanks, I now know what to look for in the Response tab. Apparently the Apply Block in the Youtube videos has been changed to the :arrow_forward: button at the top.
Thanks again.

7

After some failed attempts to create mpas with points I discovered the steps to put points on the map


Then :

Bingo!

Looks like the Russians are busy.

Thanks for all your help.

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.