Use client_geoip.location for the GeoIP location of the client_ip (elastic#2795)

monicasarbu · monicasarbu · commit 8d716e0e8b23 · 2016-11-04T16:13:23.000+01:00
This information is available if you use the GeoIP processor from the Ingest GeoIP Processor Plugin. (cherry picked from commit 17758fc)
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -60,6 +60,8 @@ https://github.com/elastic/beats/compare/v5.0.0...5.0[Check the HEAD diff]
 - Add system core metricset for Windows. {pull}2883}[2883]
 
 *Packetbeat*
+- Define `client_geoip.location` as geo_point in the mappings to be used by the GeoIP processor in the Ingest Node pipeline.
+  {pull}2795[2795]
 
 *Topbeat*
 
diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc
@@ -1069,7 +1069,23 @@ type: geo_point
 
 example: 40.715, -74.011
 
-The GeoIP location of the `real_ip` IP address or of the `client_ip` address if the `real_ip` is disabled. The field is a string containing the latitude and longitude separated by a comma.
+DEPRECATED. Please use `client_geoip` instead.  The GeoIP location of the `real_ip` IP address or of the `client_ip` address if the `real_ip` is disabled. The field is a string containing the latitude and longitude separated by a comma. 
+
+
+[float]
+== client_geoip Fields
+
+The GeoIP information of the client.
+
+
+[float]
+=== client_geoip.location
+
+type: geo_point
+
+example: {'lat': 51, 'lon': 9}
+
+The GeoIP location of the `client_ip` address. This field is available only if you define a https://www.elastic.co/guide/en/elasticsearch/plugins/master/using-ingest-geoip.html[GeoIP Processor] as a pipeline in the https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-geoip.html[Ingest GeoIP processor plugin] or using Logstash.
 
 
 [float]
diff --git a/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc b/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc
@@ -468,8 +468,7 @@ The default is false.
 The header field to extract the real IP from. This setting is useful when
 you want to capture traffic behind a reverse proxy, but you want to get the geo-location
 information. If this header is present and contains a valid IP addresses, the
-information is used for the `real_ip` and `client_location` indexed
-fields.
+information is used for the `real_ip` field.
 
 ===== max_message_size
 
diff --git a/packetbeat/etc/fields.yml b/packetbeat/etc/fields.yml
@@ -43,11 +43,24 @@
 
     - name: client_location
       type: geo_point
-      example: "40.715, -74.011"
+      example: 40.715, -74.011
       description: >
-        The GeoIP location of the `real_ip` IP address or of the
-        `client_ip` address if the `real_ip` is disabled. The field is a string
-        containing the latitude and longitude separated by a comma.
+        DEPRECATED. Please use `client_geoip` instead. 
+        The GeoIP location of the `real_ip` IP address or of the `client_ip` address if the `real_ip` is
+        disabled. The field is a string containing the latitude and longitude separated by a comma. 
+
+    - name: client_geoip
+      description: The GeoIP information of the client.
+      type: group
+      fields:
+        - name: location
+          type: geo_point
+          example: {lat: 51, lon: 9}
+          description: >
+            The GeoIP location of the `client_ip` address. This field is available
+            only if you define a
+            https://www.elastic.co/guide/en/elasticsearch/plugins/master/using-ingest-geoip.html[GeoIP Processor] as a pipeline in the
+            https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-geoip.html[Ingest GeoIP processor plugin] or using Logstash.
 
     - name: client_port
       description: >
diff --git a/packetbeat/etc/kibana/index-pattern/packetbeat.json b/packetbeat/etc/kibana/index-pattern/packetbeat.json
diff --git a/packetbeat/etc/kibana/visualization/Client-locations.json b/packetbeat/etc/kibana/visualization/Client-locations.json
@@ -1,11 +1,10 @@
 {
-  "visState": "{\"title\":\"New Visualization\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"client_location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}", 
+  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"client_geoip.location\"},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"mapCenter\":[15,5],\"mapType\":\"Scaled Circle Markers\",\"mapZoom\":2,\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"Client locations\",\"type\":\"tile_map\"}", 
   "description": "", 
   "title": "Client locations", 
-  "uiStateJSON": "{}", 
+  "uiStateJSON": "{\"mapCenter\":[0,-0.17578125]}", 
   "version": 1, 
-  "savedSearchId": "Packetbeat-Search", 
   "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
+    "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"
   }
 }
diff --git a/packetbeat/packetbeat.template-es2x.json b/packetbeat/packetbeat.template-es2x.json
@@ -573,6 +573,13 @@
             }
           }
         },
+        "client_geoip": {
+          "properties": {
+            "location": {
+              "type": "geo_point"
+            }
+          }
+        },
         "client_ip": {
           "ignore_above": 1024,
           "index": "not_analyzed",
diff --git a/packetbeat/packetbeat.template.json b/packetbeat/packetbeat.template.json
@@ -499,6 +499,13 @@
             }
           }
         },
+        "client_geoip": {
+          "properties": {
+            "location": {
+              "type": "geo_point"
+            }
+          }
+        },
         "client_ip": {
           "ignore_above": 1024,
           "type": "keyword"

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,10 @@`
`1`	`1`	`{`
`2`		- "visState": "{\"title\":\"New Visualization\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"client_location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
	`2`	+ "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"client_geoip.location\"},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"mapCenter\":[15,5],\"mapType\":\"Scaled Circle Markers\",\"mapZoom\":2,\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"Client locations\",\"type\":\"tile_map\"}",
`3`	`3`	`"description": "",`
`4`	`4`	`"title": "Client locations",`
`5`		`- "uiStateJSON": "{}",`
	`5`	`+ "uiStateJSON": "{\"mapCenter\":[0,-0.17578125]}",`
`6`	`6`	`"version": 1,`
`7`		`- "savedSearchId": "Packetbeat-Search",`
`8`	`7`	`"kibanaSavedObjectMeta": {`
`9`		`- "searchSourceJSON": "{\"filter\":[]}"`
	`8`	`+ "searchSourceJSON": "{\"index\":\"packetbeat-\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"\"}},\"filter\":[]}"`
`10`	`9`	`}`
`11`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -573,6 +573,13 @@`
`573`	`573`	`}`
`574`	`574`	`}`
`575`	`575`	`},`
	`576`	`+ "client_geoip": {`
	`577`	`+ "properties": {`
	`578`	`+ "location": {`
	`579`	`+ "type": "geo_point"`
	`580`	`+ }`
	`581`	`+ }`
	`582`	`+ },`
`576`	`583`	`"client_ip": {`
`577`	`584`	`"ignore_above": 1024,`
`578`	`585`	`"index": "not_analyzed",`
Original file line number	Diff line number	Diff line change
`@@ -499,6 +499,13 @@`
`499`	`499`	`}`
`500`	`500`	`}`
`501`	`501`	`},`
	`502`	`+ "client_geoip": {`
	`503`	`+ "properties": {`
	`504`	`+ "location": {`
	`505`	`+ "type": "geo_point"`
	`506`	`+ }`
	`507`	`+ }`
	`508`	`+ },`
`502`	`509`	`"client_ip": {`
`503`	`510`	`"ignore_above": 1024,`
`504`	`511`	`"type": "keyword"`