EFK missing geo_point

Question

I am running EFK using ECK 8.5.3. fluentd ConfigMap:

      @type geoip
      # Specify one or more geoip lookup field which has ip address (default: host)
      geoip_lookup_keys IP

      # Specify optional geoip database (using bundled GeoLiteCity databse by default)
      # geoip_database    "/path/to/your/GeoIPCity.dat"
      # Specify optional geoip2 database
      # geoip2_database   "/path/to/your/GeoLite2-City.mmdb" (using bundled GeoLite2-City.mmdb by default)
      # Specify backend library (geoip2_c, geoip, geoip2_compat)
      backend_library geoip2_c

      # Set adding field with placeholder (more than one settings are required.)
     <record>
        city            ${city.names.en["IP"]}
        latitude        ${location.latitude["IP"]}
        longitude       ${location.longitude["IP"]}
        country_code    ${country.iso_code["IP"]}
        country_name    ${country.names.en["IP"]}
        postal_code     ${postal.code["IP"]}
        location_properties '{ "lat" : ${location.latitude["IP"]}, "lon" : ${location.longitude["IP"]} }'
        location_string     ${location.latitude["IP"]},${location.longitude["IP"]}
        location_array      '[${location.longitude["IP"]},${location.latitude["IP"]}]'
      </record>      

ES template:

      "mappings": {
          "properties": {
              "location_properties": { "type": "geo_point" },
              "location_string": { "type": "geo_point" },
              "location_array": { "type": "geo_point" }
          }
      }

I don't see any of the properties in Kibana ECK 8.5.3 at all. What do I miss?

Answer 1

The issue can be fixed by using JSON format string.

As mentioned in the document:

As with geo_shape and point, geo_point can be specified in GeoJSON and Well-Known Text formats. However, there are a number of additional formats that are supported for convenience and historical reasons. In total there are six ways that a geopoint may be specified.

You can also refer to this stack post for more information.