Create geoip field in elasticsearch template

pkaramol · February 11, 2019, 2:49pm

I am using the geoip plugin of logstash to get geographical information about hosts.

I am using

          geoip {
            source => "dst"
          }

which seems to work, but creates the following two fields in my elasticsearch documents

How can I concatenate these in a geoip entry?

something like a composite json object in the likes of:

"geoip"  : {
  "properties" : {
    "latitude" : { "type" : "half_float" },
    "longitude" : { "type" : "half_float" }
  }
}

Igor_Motov · February 15, 2019, 9:26pm

How can I concatenate these in a geoip entry?

There is no geoip type in elasticsearch, I think it might be better to map location as a geo_point. You can do it like this:

"geoip": {
  "properties": {
    ... mapping for all other fields ...
    "location": {
      "type": "geo_point"
    }
  }
}

system · March 15, 2019, 9:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Geoip plugin and private address Logstash	5	1068	April 25, 2018
GeoIP Mapping in ES Elasticsearch	3	2247	August 30, 2018
Geoip.location not getting mapped to a geo_point type Elasticsearch	3	9860	April 12, 2017
Map geoip.location to geo_point by default Logstash	5	4098	July 6, 2017
GeoIP data without geo_point Elasticsearch	5	1249	April 1, 2020