StamusNetworks / KTS6

Kibana 6 Templates for Suricata IDPS Threat Hunting
GNU General Public License v3.0

No alerts on map #2

Closed rootbdfy closed 5 years ago

rootbdfy commented 5 years ago

Hello! First of all I want to say thank you for the dashboards. But I have a problem with the map: there are no points on the map, and I get an error: [screenshot]. I've tried reindexing, but it did not help.

pevma commented 5 years ago

You need to go to Kibana indexes (management) and refresh/update (button) all the mappings.

rootbdfy commented 5 years ago

Thx for the answer. Refresh/update did not help. [screenshot]

pevma commented 5 years ago

I think those are two separate issues. One is refreshing the indexes, which you already did. (btw you need to do it for all of the indexes logstash-......)

Two - no alerts on the map - The alerts on the maps will appear only if there is a public IP in the alert. If the IPs generating the alerts are from the private ranges, they will not appear, simply because there is no geoip location.

pevma commented 5 years ago

Also - looking at your screenshot - you are not at the correct place. You need to go to Kibana's indexes.

rootbdfy commented 5 years ago

Sorry, I mixed up ES indices and Kibana indices. I've refreshed the indexes, and got an error on the map: "Could not locate that index-pattern-field (id: geoip.location)". I use the logstash template from your git and see that geoip.location is not sent.

pevma commented 5 years ago

Where do you see that err?

rootbdfy commented 5 years ago

[screenshot]

pevma commented 5 years ago

Is this a case where you only have internal/private range IPs?

rootbdfy commented 5 years ago

No. I have a lot of data with geoip.coordinates, but no data with geoip.location. [screenshot]

pevma commented 5 years ago

I think you may also need the logstash.conf from here - the geoip part. https://github.com/StamusNetworks/SELKS/blob/SELKS5/staging/etc/logstash/conf.d/logstash.conf
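Added example (not part of this issue or of the KTS6/SELKS code): a small Python pre-check over Suricata EVE alert lines that illustrates the two points made in this thread, namely that an alert can only be plotted when at least one of its IPs is public, and that the map panel needs a `geoip.location` object rather than only the legacy `geoip.coordinates` array. The sample lines are constructed, the well-known resolver addresses stand in for "some public host", and the `[lon, lat]` order of `geoip.coordinates` is an assumption.

```python
import ipaddress
import json

# Constructed sample EVE alert lines (not taken from the issue). 8.8.8.8 and 1.1.1.1
# stand in for "some public host"; the remaining addresses are RFC 1918 ranges.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"8.8.8.8","alert":{"signature":"TEST 1"}}
{"event_type":"alert","src_ip":"192.168.1.10","dest_ip":"172.16.0.3","alert":{"signature":"TEST 2"}}
{"event_type":"alert","src_ip":"1.1.1.1","dest_ip":"10.0.0.5","geoip":{"coordinates":[-122.08,37.39]}}
{"event_type":"alert","src_ip":"8.8.8.8","dest_ip":"10.0.0.5","geoip":{"location":{"lat":37.39,"lon":-122.08}}}
"""


def routable_ips(rec):
    """Return the (field, ip) pairs a GeoIP database can resolve.
    Private, loopback and other reserved ranges have no GeoIP entry, so an
    alert between two internal hosts can never be plotted."""
    found = []
    for key in ("src_ip", "dest_ip"):
        raw = rec.get(key)
        try:
            if raw and ipaddress.ip_address(raw).is_global:
                found.append((key, raw))
        except ValueError:  # malformed address: skip it, do not crash the pipeline
            pass
    return found


def ensure_location(rec):
    """Derive geoip.location {lat, lon} (what the map panel expects) from a legacy
    geoip.coordinates array, assumed here to be [lon, lat] as in older configs."""
    geo = rec.get("geoip") or {}
    coords = geo.get("coordinates")
    if "location" not in geo and isinstance(coords, list) and len(coords) == 2:
        geo["location"] = {"lat": float(coords[1]), "lon": float(coords[0])}
        rec["geoip"] = geo
    return rec


def triage(eve_text):
    """Classify each alert line: no_public_ip, needs_geoip_filter, or mappable."""
    verdicts = []
    for line in filter(str.strip, eve_text.splitlines()):
        rec = ensure_location(json.loads(line))
        if not routable_ips(rec):
            verdicts.append("no_public_ip")
        elif "location" not in (rec.get("geoip") or {}):
            verdicts.append("needs_geoip_filter")
        else:
            verdicts.append("mappable")
    return verdicts
```

Running `triage` over your own EVE log tells you whether an empty map is explained by purely internal traffic or by a missing geoip enrichment step in logstash.conf.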

rootbdfy commented 5 years ago

Doh, thx for the link. All works fine!