I have an ES 7.1 cluster running locally. I forward some AWS ELB logs to it, via logstash. I am getting geoip data, but I want to use a Kibana visualization that relies on geo_point data type. RIght now I get an error in Kibana about not having geo_point in the index.
I use index_templates and I declare a mapping section to define location as a geo_point. It applies correctly, but when I check the index template it has no mappings associated with it. curl fragments below.
I am assuming and want to verify that this is because mapping types were remove in 7.x? and I will need to do this via in ingestion pipeline or at the logstash level?
Index Template
_template/test_template" -H 'Content-Type: application/json' -d'
{
"index_patterns": [ "test_*" ],
"settings": {
"number_of_shards": "2",
"number_of_replicas": "2"
}
},
"mappings" : {
"dynamic_templates" : [ {
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text",
"norms" : false
}
}
}, {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text", "norms" : false,
"fields" : {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date"},
"@version": { "type": "keyword"},
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
}
"aliases": {}
}'
Index template check
_template/test_template | jq .
{
"test_template": {
"order": 0,
"index_patterns": [
"test_*"
],
"settings": {
"index": {
"number_of_shards": "2",
"number_of_replicas": "2"
}
},
"mappings": {},
"aliases": {}
}
}