create a pipeline to extract GEO Info from monitor.ip
PUT _ingest/pipeline/
{
"description": "Adds Geo Info to monitor.ip",
"processors": [
{
"geoip": {
"field": "monitor.ip",
"target_field": "monitor.geo"
}
}
]
}
create a template so your new index will map monitor.geo.location as a geo_point (needed to display data on maps)
PUT _template/<template-name>
{
"index_patterns": [
"heartbeat-*"
],
"mappings": {
"properties": {
"monitor": {
"properties": {
"geo": {
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
}
}
}