Create geoip field in elasticsearch template

pkaramol · February 11, 2019, 2:49pm

I am using the geoip plugin of logstash to get geographical information about hosts.

I am using

          geoip {
            source => "dst"
          }

which seems to work, but creates the following two fields in my elasticsearch documents

How can I concatenate these in a geoip entry?

something like a composite json object in the likes of:

"geoip"  : {
  "properties" : {
    "latitude" : { "type" : "half_float" },
    "longitude" : { "type" : "half_float" }
  }
}

Igor_Motov · February 15, 2019, 9:26pm

How can I concatenate these in a geoip entry?

There is no geoip type in elasticsearch, I think it might be better to map location as a geo_point. You can do it like this:

"geoip": {
  "properties": {
    ... mapping for all other fields ...
    "location": {
      "type": "geo_point"
    }
  }
}

system · March 15, 2019, 9:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create properties with wildcard Elasticsearch	8	921	August 31, 2018
How to create geo-point fields from longitude / latitude Elasticsearch	8	638	April 11, 2021
GeoIP Mapping in ES Elasticsearch	3	2216	August 30, 2018
Template mapping examples not clear for geoip Logstash	6	520	February 25, 2019
Concatenate 2 values to make a geo_point field Elasticsearch	2	582	September 4, 2019