Am using Elastic stack for analysing the syslogs and i have geo filter enabled in logstash configuration and when I visualize it kibana the values getting divided like this.
We know the Los angeles is a city ,but my values are coming separately for los and angeles ,if its a place with single name I dont have issues but if a place second name (like San Francisco , Los angeles ) logs are getting divided and it shows some logs for first name and some logs for second name.
the reason for the results you are seeing is that Elasticsearch analyzes string fields by default and therefore splits the field content into terms. To avoid that you have two possibilities, depending on the version of Elasticsearch that you are using.
If you are using version 5.0 or above, the unanalyzed contents of the string field country are stored in country.keyword automatically.
In both cases, the city names contained in the properly configured fields will be treated as keywords and not individual terms for queries and should appear as expected in Kibana.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
