Add_field to write object & array values

kyunam · May 21, 2015, 2:24pm

Hi!

I'm trying to create geo_point field in a filter.
I can create a string representation of geo_point fine.
But I can't figure out how to write object representation & array representation of geo_point by using add_field. (I'm sure embarrassingly I'm not understanding something very simple....)

Can you show me how to write both object & array representations?

filter {
mutate {
convert => { "x" => "float" }
convert => { "y" => "float" }
add_field => { "location" => "%{y},%{x}" }
# Following adds string values, not float values..
# add_field => { "location" => ["%{x}","%{y}"] }
}

Thanks,
Q

jcfrench · April 4, 2017, 3:56am

There are a couple tricks.

load your values into nested object fields instead of normal fields
convert the entire object.
adjust your elasticsearch mapping to let it know that your field is a geo_point (not shown)

mutate {
add_field => {
"[pos][lon]" => "%{lon}"
"[pos][lat]" => "%{lat}"
}
convert => {
"pos" => "float"
"elevation" => "float"
}
}

R-
-J

Topic		Replies	Views
How do i create field Types such as geo_point in a logstash conf file? Logstash	6	581	November 12, 2020
Geo-Point Mapping Elasticsearch	23	2183	May 7, 2021
Create geopoint data Logstash	5	5538	December 13, 2017
How to map new created fields into existing index? Logstash	1	473	August 17, 2017
Add a field as a "parent" parameter with add_field (for geo_point) Logstash	3	1916	July 6, 2017

Add_field to write object & array values

Related topics