Add geo point in Elastic

klynxe · July 29, 2021, 4:52pm

Hi everyone,
I use ELK and filebeat. I send a lot of logs with different fields.
logstash config:

input {
    beats {
      port => 5044
      include_codec_tag => false
    }
}

filter {
  if [type] == "json" {
    json {
      source => "message"
      target => "msg"
    }
    mutate {
      remove_field => ["msg.ecs.version", "ecs.version", "@version"]
    }
  }
  if [type] != "json" {
    grok {
      match => {
        message => ["time=\"%{TIMESTAMP_ISO8601:time}\""]
        }
      }
    date {
      match => [ "time", "YYYY-MM-dd'T'HH:mm:ssZZ"]
      target => "time"
    }
  }
}

output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    sniffing => true
    manage_template => false
    index => "%{[source][project]}-%{[source][application]}-%{+YYYY.MM.dd}"
  }
}

Some of my message contain location

{
"location": {
    "lat": 11.11,
    "lon": 22.22
  }
}

In elastic I can see my location, ( msg.location.lat and msg.location.lon ), but I don't know how convert my location to geo_point. As I understand current index mapping is created by logstash plugin or by elastic search by default template. What and where shoud I write to use my location as geo_point?

system · August 26, 2021, 4:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help with ELK and geo_point for Filebeat Logstash	1	383	November 23, 2018
Geo_point automatically Logstash	5	1342	June 15, 2021
Filebeat to logstash geo_point missing Logstash	6	448	November 16, 2018
Elastic geo_point Elasticsearch	2	378	June 20, 2019
Unable to create geo points Logstash	3	310	May 10, 2022

Add geo point in Elastic

Related Topics