Exactly - how to map geoip.location to geo_point- WTF!

Bob_Metelsky · December 13, 2016, 4:03am

Folks - I'm at a complete loss here. I've scoured the web trying to find out how to do this and this just seems unnecessarily complicated.

Can someone point me to a working example of what is needed to map my data to geo_point

This is truly ridiculous - how such a useful feature can be so hidden and DIFFICULT to implement. How can this product grow at this rate of working documentation or ease of implementation

I'm definitely not a novice - but who ever manages this - needs to get with some working examples for the everyday man.

I've wasted a half day on this simple step

Let's see the elastic search support team...

my example
https://sites.google.com/site/developtroubleshooting/elastic-geoip/mapping2

warkolm · December 13, 2016, 4:27am

geoip.location looks to be a number, not a geopoint.
So it'd depend on what you have set your template/mapping to be.

Bob_Metelsky · December 13, 2016, 5:05am

Mark I have a presentation to a users group re elastic. I'm trying to get an answer to using this feature. What exactly can you tell me based on my question? I don't know template mapping I'm using the main mapping file in the log stash Conf and posted on the website I linked.

Bob_Metelsky · December 13, 2016, 5:09am

I'm using this template per log stash.conf

elasticsearch-apache-weblogs-geoip.json
{
"template" : "apache-weblogs-geoip*",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : true, "omit_norms" : true},
"dynamic_templates" : [ {
"message_field" : {
"match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fielddata" : { "format" : "disabled" }
}
}
}, {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fielddata" : { "format" : "disabled" },
"fields" : {
"raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date" },
"@version": { "type": "string", "index": "not_analyzed" },
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "float" },
"longitude" : { "type" : "float" }
}
}
}
}
}
}

Bob_Metelsky · December 13, 2016, 5:10am

elasticsearch-apache-weblogs-geoip.json
{
"template" : "apache-weblogs-geoip*",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : true, "omit_norms" : true},
"dynamic_templates" : [ {
"message_field" : {
"match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fielddata" : { "format" : "disabled" }
}
}
}, {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fielddata" : { "format" : "disabled" },
"fields" : {
"raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date" },
"@version": { "type": "string", "index": "not_analyzed" },
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "float" },
"longitude" : { "type" : "float" }
}
}
}
}
}
}

warkolm · December 13, 2016, 5:20am

Ok, and what does the applied mapping for the actual document look like? ie query the _mapping endpoint and show us.

system · January 10, 2017, 5:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.