I am running Elasticsearch version 1.5.2. Logstash version 1.5.4.

Most of the logstash settings are default:

filter {
  geoip {
    source => "ipaddress"
  }
}

output {
  elasticsearch {
    host => "127.0.0.1"
    port => 9200
    protocol => http
    user => searchguard
    password => somepassword
  }
}

In Kibana, when I try to set up a tile map, I see this error:

"No Compatible Fields: The "[logstash-]YYYY.MM.DD" index pattern does not contain any of the following field types: geo_point"

I checked the mapping "http://localhost:9200/logstash-2015.09.15?pretty" and geoip.location is mapped as double and not geo_point.

Any suggestions how to map this correctly?

More info:

curl -XGET localhost:9200/logstash-2015.09.15/_mapping

{
  "logstash-2015.09.15": {
    "mappings": {
      "logs": {
        "properties": {
          "@timestamp": {
            "type": "date",
            "format": "dateOptionalTime"
          },
          "@version": {
            "type": "string"
          },
          "csbytes": {
            "type": "long"
          },
          "geoip": {
            "properties": {
              "area_code": {
                "type": "long"
              },
              "city_name": {
                "type": "string"
              },
              "continent_code": {
                "type": "string"
              },
              "country_code2": {
                "type": "string"
              },
              "country_code3": {
                "type": "string"
              },
              "country_name": {
                "type": "string"
              },
              "dma_code": {
                "type": "long"
              },
              "ip": {
                "type": "string"
              },
              "latitude": {
                "type": "double"
              },
              "location": {
                "type": "double"
              },
              "longitude": {
                "type": "double"
              },
              "postal_code": {
                "type": "string"
              },
              "real_region_name": {
                "type": "string"
              },
              "region_name": {
                "type": "string"
              },
              "timezone": {
                "type": "string"
              }
            }
          },
          "ipaddress": {
            "type": "string"
          },
          "log_timestamp": {
            "type": "string"
          },
          "message": {
            "type": "string"
          },
          "method": {
            "type": "string"
          },
          "referer": {
            "type": "string"
          },
          "scbytes": {
            "type": "long"
          },
          "scstatus": {
            "type": "long"
          },
          "tags": {
            "type": "string"
          },
          "timetaken": {
            "type": "long"
          },
          "useragent": {
            "type": "string"
          },
          "username": {
            "type": "string"
          }
        }
      }
    }
  }
}

curl -XGET localhost:9200/_template/logstash

This is empty {}

I am using the defaults. I have not edited the default template.

Dhrumil
  • Can you update your question with the output of `curl -XGET localhost:9200/logstash-2015.09.15/_mapping` and the output of `curl -XGET localhost:9200/_template/logstash`? – Val Nov 06 '15 at 04:47
  • Answer's probably clear. If there's no predefined mapping for `geoip`, Elasticsearch will always index it as an array of `doubles`. You need to specify this in your template. It also applies for data types such as IP. – Evaldas Buinauskas Nov 06 '15 at 07:56
  • updated with the output. – Dhrumil Nov 09 '15 at 18:29

1 Answer

Take a look at this geo-point data type. Mapping for geo_point can be set up only manually (if I am not mistaken).

Алексей
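
An added example (not part of the question or answer, and not Logstash's own template): a Python script that checks a `_mapping` response like the one in the question for a `geoip.location` field that is not `geo_point`, and builds an Elasticsearch 1.x index template body that maps it manually. The `_default_` type, the function names and the trimmed sample mapping are assumptions of this example.

```python
import json

# Constructed sample: trimmed form of the _mapping response shown in the question.
SAMPLE_MAPPING = {
    "logstash-2015.09.15": {"mappings": {"logs": {"properties": {
        "geoip": {"properties": {
            "latitude": {"type": "double"},
            "location": {"type": "double"},
            "longitude": {"type": "double"},
        }},
        "ipaddress": {"type": "string"},
    }}}}
}

def field_type(properties, dotted_path):
    """Return the mapped type of a dotted field path, or None if unmapped."""
    node = {"properties": properties}
    for part in dotted_path.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    return node.get("type", "object")

def audit_geo_field(mapping_response, field="geoip.location"):
    """List (index, doc_type, actual_type) where `field` is not geo_point."""
    problems = []
    for index, body in sorted(mapping_response.items()):
        for doc_type, m in sorted(body.get("mappings", {}).items()):
            actual = field_type(m.get("properties", {}), field)
            if actual != "geo_point":
                problems.append((index, doc_type, actual))
    return problems

def build_template(pattern="logstash-*", field="geoip.location"):
    """Build an ES 1.x index template body mapping `field` as geo_point."""
    parts = field.split(".")
    props = {parts[-1]: {"type": "geo_point"}}
    for part in reversed(parts[:-1]):
        props = {part: {"type": "object", "dynamic": True, "properties": props}}
    # Assumption: the mapping goes under _default_ so it covers every doc type.
    return {"template": pattern, "mappings": {"_default_": {"properties": props}}}

if __name__ == "__main__":
    for index, doc_type, actual in audit_geo_field(SAMPLE_MAPPING):
        print("%s/%s: geoip.location is %s, expected geo_point"
              % (index, doc_type, actual))
    # PUT this body to /_template/<name> on the cluster.
    print(json.dumps(build_template(), indent=2))
```

A template applies only to indices created after it is stored, so the existing `logstash-2015.09.15` index keeps its `double` mapping; the next daily index picks up `geo_point`.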