Oragin
geoip {
source => "filebeatserverip"
target => "filebeatserveripgeoip"
add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][longitude]}" ]
add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][latitude]}" ]
}
mutate {
convert => ["[filebeatserveripgeoip][coordinates]", "float"]
}
Delete
add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][longitude]}" ]
add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][latitude]}" ]
convert => ["[filebeatserveripgeoip][coordinates]", "float"]
geoip {
source => "filebeatserverip"
target => "filebeatserveripgeoip"
}
mutate {
}
=====
{
"index_patterns": ["filebeat*", "heartbeat*"],
"settings": {
"number_of_shards": 1
},
"mappings": {
"doc": {
"properties": {
"filebeatserveripgeoip.coordinates": {
"type": "geo_point"
}
}
}
}
}
Change filebeatserveripgeoip.coordinates -> filebeatserveripgeoip.location
{
"index_patterns": ["filebeat*", "heartbeat*"],
"settings": {
"number_of_shards": 1
},
"mappings": {
"doc": {
"properties": {
"filebeatserveripgeoip.location": {
"type": "geo_point"
}
}
}
}
}
template_filebeat.json
curl -v -XPUT elasticsearch:9200/_template/template_filebeat -H 'Content-Type: application/json' -d @/usr/share/config/template_filebeat.json
curl -v -XPUT elasticsearch:9200/_template/template_filebeat -H 'Content-Type: application/json' -d'
{
"index_patterns": ["filebeat*", "heartbeat*"],
"settings": {
"number_of_shards": 1
},
"mappings": {
"doc": {
"properties": {
"filebeatserveripgeoip.location": {
"type": "geo_point"
}
}
}
}
}'
location be created by geoip plugin.
MAX Import
GET _cat/indices?v
GET _cat/indices?v&s=index
GET filebeat-6.5.1-2018.12.06
DELETE filebeat-6.5.1-2018.12.06
GET _cat/indices?v
GET filebeat-6.5.1-2018.12.06
AND
refresh chrome (brwoser)