Elastic Maps Vector Layer

Elastic Stack Kibana
1

My logs are pushing an array of geo-point like so:

locations: [
    [
      4.151769893672637,
      12.881042132361447
    ],
    [
      12.44568712640465,
      1.5481532379424046
    ],
    [
      10.203030784433592,
      12.178047606853497
    ],...
]

When I create a map using Cluster and Grids layer, it seems like it's only drawing one item in the array instead of everything in the array. But it's counting it as a cluster with a count of 2.
Do I have to send the logs individually for each location?

I'm using Kibana 7.8. When I used Kibana 7.7 it seemed normal. This happened after my update to 7.8

2

Hi @Kayla_Vo,

I've checked and everything seems to be running OK on my test, let me show what I tried

Create a test index with an array and a single document

First create a simple index and insert an array of points and a single doc for comparison

PUT test_array
{
  "settings": {
    "number_of_replicas": 1,
    "number_of_shards": 1
  },
  "mappings":{
    "properties": {
      "location": {
        "type": "geo_point"
      },
      "category": {
        "type": "keyword"
      },
      "title": {
        "type": "text"
      }
    }
  }
}

POST test_array/_doc/1
{
  "location":
    {
      "lat": 40,
      "lon": 10
    } ,
  "category": "test",
  "title": "Test single"
}

POST test_array/_doc/2
{
  "location":[
    {
      "lat": 0,
      "lon": 0
    },
    {
      "lat": 10,
      "lon": 10
    },
    {
      "lat": -10,
      "lon": 10
    },
    {
      "lat": -10,
      "lon": 10
    }
  ] ,
  "category": "test",
  "title": "Test array"
}

Create a map showing both single documents and a grid

Result on 7.7:

2020-07-27_13-36
2020-07-27_13-361625×1302 645 KB

Result on 7.8

2020-07-27_13-41
2020-07-27_13-411966×1268 393 KB

So on both versions the cluster layer renders all points from the cluster.

Could you share more details of your use case? Making your example as easy as possible replicating the issue and then sharing the request and response from Elastic would help to understand what may be happening to you

Peek 2020-07-27 13-47
Peek 2020-07-27 13-471170×819 1.79 MB

3

When I create a map using Cluster and Grids layer, it seems like it's only drawing one item in the array instead of everything in the array. But it's counting it as a cluster with a count of 2.
Do I have to send the logs individually for each location?

I would recommend sending each location as its own document. The reason for this is that aggregations count the entire array of values as matches for a bucket even if only a single element in the array matches the bucket. This means that since your locations are all over the world, the geo centroid for the bucket is skewed outside of the geo tile grid bucket itself. See Arrays of geo_points mess up geohash_grid with geo_centroid · Issue #24694 · elastic/elasticsearch · GitHub for more details about the problem.

Kibana clamps geo centroid to the bounds of the geo tile grid so that even if the centroid is outside of the grid, the cluster is visualized in the grid's location.

I am not sure why you are seeing differences between versions 7.7 and 7.8 since this logic has existed since the app launched all the way back in 6.7. Maybe you were just displaying the results as individual documents in 7.7?

1 Like
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.