Create geopoint data

Hi there,

I want to create a beautiful visualisation of some geopoints on a map.
I have a small view of 5 points in a relational database and I'm trying to put a correct code in Logstash filter to import the right data in the right format.
but I still don't know how to do it.

My view's format:
Country_name lat lon
count1
count2
count3
count4
count5

How do I have to do to convert "lat" and "lon" values to geopoint.
Good to know that they're already converted into "float" in the SELECT statement in the input part.

Could anyone help?

Thank's in advance.

Cordially,

See https://www.elastic.co/blog/geoip-in-the-elastic-stack for some pointers. There are two things at play:

  • Your ES index must be configured to map the lat/lon field in question as geo_point. This is typically done with an index template. Logstash's default index template contains a geo_point field that you can use, but keep in mind that the default template only matches indexes whose name match logstash-* so if you're creative with the index naming you'll be disappointed.
  • Logstash needs to send an event to ES where the field you want to have as geo_point has a certain look. The requirements for such fields is described in ES's geo_point documentation.
1 Like

Hi magnusbaeck,

Thank's for the answer.
Excuse my ignorance about ELK, I'm really new at it.
I completely agree with the fact that the fields "lat" and "lon" have to be converted and that I have to do so with Logstash's filter before loading them in ES.
The thing is that I haven't understood yet how to convert them with "geoip", function and mutate.

I'm actually using jcdb. Input and output are ok for me. If I've understood what you said, I have to rename the index something like: "logstash-positions_gps".

My problem is in the filter part.
How do I organize it? grok, geoip, mutate, rename, add_field... ??? I don't know, where to start, what to put et and how to order it all...

The input is agencies' latitude and longitude positions picked-up on Google Maps.
The aim is to put 5 agencies on a map with some conditions about their work.

Could you help please?

Thank's in advance,
Rym

Hi magnusbaeck,

I think I found how to code it, and the data have been loaded on the right format: (see the file joined: Kibana )

but no point showed on Kibana's coordinate map.

In input statement, I've called the function geohash_encode:
geohash_encode(CAST(lat AS SIGNED),CAST(lon AS SIGNED),12) AS geohash

And in the filter
filter {

geoip {
	source => ["POSITIONS_GPS"]
	}

}

The thing is that I haven't understood yet how to convert them with "geoip", function and mutate.

The geoip filter turns IP addresses into lat/lon values, but you already have the lat/lon values so you don't need that filter. All you need to do is

If I've understood what you said, I have to rename the index something like: "logstash-positions_gps".

If you want to rely on Logstash's index template, yes. The template maps the [geoip][location] field as geo_point.

So to summarize, name your index logstash-positions_gps och store the lat/lon values in [geoip][location] in a format described in the docs I linked to above. If you want to customize the index name or the field name then that's fine, but I suggest you get it working first.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.