Document how to configure ingest node to have geoip

[dedemorton]

@monicasarbu Here's my first draft. I probably need to give this another good read through, but I wanted to get it out to you for a first review. I've added a step to define mappings in the index template to get the location field to work in the visualization (without the mappings, the latitude and longitude get indexed as floats). (I haven't really worked much with mappings, so I hope it's OK.) If there is someway to take the latitude and longitude and index it directly into the client_location field (which is already a geo_point) then that would be better, but I'm not sure how to do that using the options that are available in the ingest geoIP processor plugin.

[monicasarbu]

I have created a PR #2795 to make a smooth integration between Beats and the Ingest GeoIP Processor Plugin. Here are the steps that the user should follow in case he/she needs to add GeoIP information for the client_ip:

1. Install Ingest GeoIP Processor Plugin: https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-geoip.html
2. Define a GeoIP processor in a pipeline by using Console from Kibana:

PUT _ingest/pipeline/geoip-info
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "client_ip",
        "target_field": "client_geoip",
        "properties": ["location"],
        "ignore_failure" : true
      }
    }
  ]
}

This will add the client_geoip.location field of type geo_point to the event.
3. Start Packetbeat (feature available only in 5.0.0-GA)
4. Import Kibana dashboard for Packetbeat or create a Tile map using client_geoip.location as Geohash.

Things that needs to be done (hopefully part of this PR):

• Mark client_location as DEPRECATED in favor of client_geoip. I couldn't find this in the documentation, but I remember that we decided to deprecate this a long time ago. Use client_geoip.location for the GeoIP location of the client_ip #2795

[monicasarbu]

The benefit is that you don't need to install the geoip database on all the Beats, and you can install it only on your Elasticsearch.

[monicasarbu]

to Ingest Node instead of ES

[monicasarbu]

or another easier solution would be to use Console from Kibana instead of writing it to a file and then loading it usign curl.

[dedemorton]

I prefer your streamlined approach. I was trying to be consistent with how we describe using ingest node elsewhere, but I think it's OK for users to see a couple of different ways to define pipelines and to know that the syntax is a bit easier if you use the console in Kibana.

[monicasarbu]

this step is not needed, as I changed the template to accommodate client_geoip.location.

[dedemorton]

Awesome! That will be so much easier for the users.

[monicasarbu]

@dedemorton The documentation looks good to me. Please update it with the latest changes I wrote above.

[dedemorton]

@monicasarbu I've resolved the comments from the review. I decided that I wouldn't cover the Kibana steps in too much detail, but I kept info about refreshing the index field list because I ran into this problem when I tested the steps.

[dedemorton]

This PR resolves #1671, which is also tracked in #2482