Hi,
I’m not able to get the world map widget working (it already worked some years ago with the same settings on older Graylog versions); maps stay empty or throw errors that only numeric fields can be visualized.
A click on the field name with the coordinates shows that the mapping should be correct: compound(geo-point,string). Values are populated by a lookup table (mapping of internal IP addresses to locations).
The documentation I’ve found for Geolocation shows screenshots of a very old GUI version.
My environment
Graylog 3.3.16/OpenJDK11 on Linux 5.x
Elasticsearch 6.8, MongoDB 4.2, all systems clustered
Mapping for location field is geo_location, format “,” (string notation)
3. What steps have you already taken to try and solve the problem?
No real changes to the field format are possible - other formats are rejected by ES, or I was not able to switch to a different format like array (ES Geopoint Formats).
4. How can the community help?
Does anybody have experience with this topic?
Have the settings changed and is there a documentation bug?
The way you describe it, you have worked in Elasticsearch to set the field type to “geo_point”, but Graylog doesn’t use that field type; it uses “keyword” with lat/lon data … granted, you have an older version of Graylog (you can find archived docs for it here). So, for instance, when I examine some of my data the field will show up like so:
external_ip_geolocation
37.751,-97.822
and if I examine the field type in Elasticsearch it appears as such:
Great, this solves my problem; now there is an additional field with string format.
I think I’ve changed the mapping from string to geopoint to use the grafana world map plugin.
Basically it would make sense to use geopoint because you can do geo calculations like distance, boxing… ES Geo queries.
Too bad that the Graylog world map currently does not support such nice features…
I considered adding Grafana into the mix - I would create a custom index mapping for a different field and see if I could get Graylog to copy the keyword field data to the custom geo_point field. I haven’t checked to see if the data would need to change or even if Graylog would allow a field type it doesn’t use… If you go that route, let me know how it goes!
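An added example, not code from the thread or from Graylog: a Python helper that normalizes lookup-table values written in Elasticsearch's object, array, or string geo_point notations into the "lat,lon" string that the reply above says the world map expects in a keyword field. The function names and the sample lookup table are assumptions made for illustration; geohash values are reported rather than decoded.

```python
"""Normalize geo_point-style values to the "lat,lon" string notation."""
from typing import Any, Dict, Tuple


def to_lat_lon_string(value: Any) -> str:
    """Return value as a "lat,lon" string, or raise ValueError."""
    if isinstance(value, dict):              # object form: {"lat": .., "lon": ..}
        if "lat" not in value or "lon" not in value:
            raise ValueError(f"object form needs lat and lon: {value!r}")
        lat, lon = value["lat"], value["lon"]
    elif isinstance(value, (list, tuple)):   # array form is [lon, lat], not [lat, lon]
        if len(value) != 2:
            raise ValueError(f"array form needs two items: {value!r}")
        lon, lat = value
    elif isinstance(value, str):             # string form: "lat,lon"
        parts = value.split(",")
        if len(parts) != 2:
            raise ValueError(f"not a lat,lon string (geohash?): {value!r}")
        lat, lon = parts
    else:
        raise ValueError(f"unsupported type: {type(value).__name__}")
    try:
        lat, lon = float(lat), float(lon)
    except (TypeError, ValueError) as exc:
        raise ValueError(f"non-numeric coordinate in {value!r}") from exc
    # NaN fails both comparisons, so it is rejected here as well.
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError(f"out of range (lat/lon swapped?): {value!r}")
    return f"{lat!r},{lon!r}"


def normalize_lookup(table: Dict[str, Any]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split a key -> location table into normalized and rejected entries."""
    good, bad = {}, {}
    for key, value in table.items():
        try:
            good[key] = to_lat_lon_string(value)
        except ValueError as exc:
            bad[key] = str(exc)
    return good, bad


# Constructed sample: internal IP -> location, in mixed notations.
SAMPLE_LOOKUP = {
    "10.1.0.5": "37.751,-97.822",               # string form, value from the thread
    "10.2.0.5": [13.405, 52.52],                # array form, lon first
    "10.3.0.5": {"lat": 48.137, "lon": 11.575}, # object form
    "10.4.0.5": "u33db2",                       # geohash, rejected
    "10.5.0.5": "97.822,37.751",                # swapped, latitude out of range
}
```

Running `normalize_lookup(SAMPLE_LOOKUP)` before loading the table shows which entries would need fixing at the source.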