When I use Logstash's geoip to encode an ip address, I get different field types in Elasticsearch when i use logstash-foo as an index vs logs-foo as an index.
logstash-foo (matches the default index naming convention) imports geoip.location as a geo_point field, where logs-foo imports geoip.location as a float.
I'm wondering why this happens and how I could get my arbitrary index, logs-foo, to import geoip.location fields as geo_point.
This is because Logstash installs an index template that says that the field in question should be a geo_point field, but this index template only applies to indexes whose name matches logstash-*.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.