Visualize Map Problems

lewis15 · June 2, 2017, 3:30pm

Winlogbeat-* index has geoip.location as number
Using the guide https://www.elastic.co/blog/monitoring-windows-logons-with-winlogbeat
geoip.location was empty when examining event logs 4624.
After following the instructions in the guide geoip.location was populated with information, but geo_point was not referenced to geoip.location

filebeat-* index has geoip.location as geo_point but the map will not displat any geo_points - just a map with a red dot.
Used the guide https://www.elastic.co/blog/geoip-in-the-elastic-stack to setup filebeat.
My map:

<img src="/

Thanks

lewis15 · June 2, 2017, 3:35pm

weltenwort · June 6, 2017, 11:44am

Regarding the Winlogbeat problem:

I'm afraid I can't follow you there. geo_point is the data type used for the geoip.location field in the blog post you linked. Could you maybe rephrase the problem statement?

As for the Filebeat problem: Have you made certain that there are documents that are within the time interval selected in the time picker (if your index is configured as a time-based index)? Using the small upwards-pointing arrow in the lower left corner of the map you can show the raw data underlying the visualization as well details about the request, which might help your while debugging.

lewis15 · June 6, 2017, 3:25pm

I can understand why you can't follow me, becaust I don't know what I am doing. I have been reading a lot, but most of what I am reading doesn't make much sense. So I will try to explain better.
I used the guide GeoIP in the Elastic Stack - Elasticsearch, Logstash, Ingest API | Elastic Blog to setup filebeat.
Firts part of my map.

I don't know if geo_point is properly referenced.

The second part of the map:

A map with no points.

The third part of the map:

I clicked on the down arrow, but I don't know what the 80 count means.

The Request screenshot:

The Response screenshot:

The Statistics screenshot:

Geoip.location:

Log info:

Does this help? If not, what info do you need & how may I collect it?
Thanks

weltenwort · June 6, 2017, 4:13pm

Did you click the button at the top to apply the geo hash aggregation? The request and response show no indication that a geohash aggregation has been applied.

lewis15 · June 7, 2017, 2:30pm

Thanks, I now know what to look for in the Response tab. Apparently the Apply Block in the Youtube videos has been changed to the button at the top.
Thanks again.

lewis15 · June 8, 2017, 12:42pm

After some failed attempts to create mpas with points I discovered the steps to put points on the map

Then :

Bingo!

Looks like the Russians are busy.

Thanks for all your help.

system · July 6, 2017, 12:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GEO POINT Problem Beats filebeat	2	413	September 3, 2018
Unable to add geo_point mapping with sub lat/lon properties Elasticsearch	10	1556	September 16, 2019
Geo_point not working Beats packetbeat	4	1454	July 18, 2016
Geoip location not shown on Kibana map Kibana	5	2529	November 2, 2017
Field geoip.location not created in index winlogbeat-* Elasticsearch	2	1047	June 1, 2018

Visualize Map Problems

Related topics