Update module ingest node templates to include geo_shapes when possible #11702

Closed
alexfrancoeur opened this issue Apr 8, 2019 · 5 comments
Labels
discussion ecs enhancement module needs_team Indicates that the issue/PR needs a Team:* label Stalled

Comments

@alexfrancoeur

alexfrancoeur commented Apr 8, 2019

The new Maps app has a ton of cool new features, one of which allows us to plot individual geo_shapes and geo_points on a map. A cool out of the box example would be to draw a line between the source and destination of an event. This in particular would be useful for SIEM pew pew maps, RUM user traffic, uptime monitoring, etc.

Example

source.geo.location has the geo_point:

{
  "lat": 41.19272,
  "lon": -8.38768
}

destination.geo.location has the geo_point:

{
  "lat": 12.30954,
  "lon": 123.67961
}

If there is a way through an ingest node script processor to check for both locations, it'd be pretty cool to build this line out of the box.

{
  "type": "linestring",
  "coordinates": [
    [
      -8.38768,
      41.19272
    ],
    [
      123.67961,
      12.30954
    ]
  ]
}

Resulting in a map that looks like this:

image
https://github.com/alexfrancoeur/elastic_maps_examples

With or without this functionality, we should probably start thinking about shipping maps out of the box for some of these modules (especially when they can be embedded into dashboards soon) and embedding these maps into the actual solutions experiences (SIEM, uptime, etc.).

cc: @tsg @MikePaquette @dov0211 @thomasneirynck @webmat
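
One way the script processor asked about above could look, as an added example that is not part of the original issue or of the Beats module pipelines. The target field name `network_path` is hypothetical and the two sample documents are constructed; the request uses the ingest simulate API so it can be tried in Kibana Console without indexing anything.

```console
# Added example: the field name network_path is an assumption, not an ECS field.
# The "if" condition skips documents that lack either geo_point in object form.
# GeoJSON coordinates are [lon, lat], the reverse of the geo_point object order.
POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "Build a source-to-destination linestring when both geo_points exist",
    "processors": [
      {
        "script": {
          "lang": "painless",
          "if": "ctx.source?.geo?.location instanceof Map && ctx.destination?.geo?.location instanceof Map",
          "source": "def s = ctx.source.geo.location; def d = ctx.destination.geo.location; ctx.network_path = ['type': 'linestring', 'coordinates': [[s.lon, s.lat], [d.lon, d.lat]]];"
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "source": { "geo": { "location": { "lat": 41.19272, "lon": -8.38768 } } },
        "destination": { "geo": { "location": { "lat": 12.30954, "lon": 123.67961 } } }
      }
    },
    {
      "_source": {
        "source": { "geo": { "location": { "lat": 41.19272, "lon": -8.38768 } } }
      }
    }
  ]
}
```

The first document comes back with the linestring shown in the issue and the second is returned unchanged. For the Maps app to draw the line, the index template has to map the target field as `geo_shape`.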

@ruflin
Contributor

ruflin commented Apr 9, 2019

@webmat I see you already added this to the potential ECS ingest processor. I wonder if with this potentially we could even offer some ECS dashboard.

@webmat
Contributor

webmat commented Apr 10, 2019

@ruflin Yes, great idea! It doesn't quite fit the gist of elastic/ecs#181, so I've opened elastic/ecs#423.

@alexfrancoeur
Author

During the 7.0 live event @thomasneirynck did a similar demo and there were immediate questions around how to draw the line for the "pew pew" map. This specific user was hoping to see this functionality out of the box in 7.x. I thought this might be a good place to share that feedback 😄

@botelastic

botelastic bot commented Jul 8, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added Stalled needs_team Indicates that the issue/PR needs a Team:* label labels Jul 8, 2020
@botelastic

botelastic bot commented Jul 8, 2020

This issue doesn't have a Team:<team> label.

@botelastic botelastic bot closed this as completed Aug 7, 2020