Heat map error: index pattern does not contain any of the following field types: geo_point

[aviationfan]

Describe the bug Heat map vis failing with an error No Compatible Fields: The logstash-syslog-dns* index pattern does not contain any of the following field types: geo_point

Screenshots

Why is geoip.location not found? I see it in some of the records in the JSON. I do not see it in my index pattern though.

[nin9s]

thank you again for your detailed testing @aviationfan ! I suspect it is generally found but not with the correct fied type geo_point so you see it in the jsons but kibana cant use it as a vis source for geographic data.

Please try the following template and test again. Do you have the geoip plugin enabled?

https://github.com/nin9s/elk-hole/pull/15/commits/726efb61c2198810d3479f7142e25548832554f9

[aviationfan]

Would that change to the template only affect new data or would it fix old data too?

[nin9s]

It would only affect a new index, New data in the existing index isn't sufficient.

Index templates are only applied during index creation unfortunately

[nin9s]

@aviationfan fixed?

[aviationfan]

Looks like the heatmap is working but other stuff may not be. I am seeing 79 fields in the index pattern, is that right?

[nin9s]

It’s difficult to answer (at least for me) if 79 are correct. I have 100 where 11 are conflicts produced by changes in the field types in the different indexes

Are you expecting something special to not work correctly?

I will clear all indexes but the latest and check back the field types counter

[nin9s]

79 fields is correct!

[aviationfan]

Great, that matches then.