Add_field to write object & array values

Elastic Stack Logstash
1

Hi!

I'm trying to create geo_point field in a filter.
I can create a string representation of geo_point fine.
But I can't figure out how to write object representation & array representation of geo_point by using add_field. (I'm sure embarrassingly I'm not understanding something very simple....)

Can you show me how to write both object & array representations?

filter {
mutate {
convert => { "x" => "float" }
convert => { "y" => "float" }
add_field => { "location" => "%{y},%{x}" }
# Following adds string values, not float values..
# add_field => { "location" => ["%{x}","%{y}"] }
}

Thanks,
Q

2

There are a couple tricks.

  1. load your values into nested object fields instead of normal fields

  2. convert the entire object.

  3. adjust your elasticsearch mapping to let it know that your field is a geo_point (not shown)

    mutate {
    add_field => {
    "[pos][lon]" => "%{lon}"
    "[pos][lat]" => "%{lat}"
    }
    convert => {
    "pos" => "float"
    "elevation" => "float"
    }
    }

R-
-J