I am using the geoip plugin of logstash to get geographical information about hosts.
I am using
geoip {
source => "dst"
}
which seems to work, but creates the following two fields in my elasticsearch documents
How can I concatenate these in a geoip entry?
something like a composite json object in the likes of:
"geoip" : {
"properties" : {
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
How can I concatenate these in a
geoipentry?
There is no geoip type in elasticsearch, I think it might be better to map location as a geo_point. You can do it like this:
"geoip": {
"properties": {
... mapping for all other fields ...
"location": {
"type": "geo_point"
}
}
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.