Geo_point : elastisearch 5.6.4 on RPI3

bruno-d · May 16, 2018, 10:22am

Hi, i reset my instance (perfectly running from 4 months) due to design and shard computation issues on this tiny machine. Unfortunately, all is running again as a charm except MAP. I read many blogs, threads but no one give me the solution.

My geoIP filter is running fine (country code, lat, long are ok ) but the MAP is gone... when i select a new map and geo hash i have this item No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point.

Geoip pipeline filter is running and coordinates are filled as well as city, iso_code ? i got this issue one time but i forgot and could not found how i solved !
I tried all the sorcery and need accuracy thanks

bruno-d · May 16, 2018, 7:06pm

here get GET / _mapping
{
"logstash-2018.05": {
"mappings": {
"syslog": {
"properties": {
"@timestamp": {
"type": "date"
},
"@version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"CPU": {
"type": "long"
},
"Disk": {
"type": "long"
},
"Port": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"RAM": {
"type": "long"
},
"Temp": {
"type": "long"
},
"Varx": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"geoip": {
** "properties": {**
** "city_name": {**
** "type": "text",**
** "fields": {**
** "keyword": {**
** "type": "keyword",**
** "ignore_above": 256**
** }**
** }**
** },**
** "continent_name": {**
** "type": "text",**
** "fields": {**
** "keyword": {**
** "type": "keyword",**
** "ignore_above": 256**
** }**
** }**
** },**
** "country_iso_code": {**
** "type": "text",**
** "fields": {**
** "keyword": {**
** "type": "keyword",**
** "ignore_above": 256**
** }**
** }**
** },**
** "location": {**
** "properties": {**
** "lat": {**
** "type": "float"**
** },**
** "lon": {**
** "type": "float"**
** }**
** }**
** },**
** "region_name": {**
** "type": "text",**
** "fields": {**
** "keyword": {**
** "type": "keyword",**
** "ignore_above": 256**
** }**
}
}
}
},

warkolm · May 17, 2018, 6:27am

It doesn't look like you have a location field that is mapped correctly. Check out https://www.elastic.co/blog/geoip-in-the-elastic-stack for some guidance on how to resolve this.

bruno-d · May 18, 2018, 6:03am

Hi Mark, I have already read your blog before and re-read again. I am still stuck. I remembered because i am living in sydney too

I run the command PUT /.kibana/_mapping/syslog
{
"properties": {
"geoip": {
"properties": {
"location": {
"type": "geo_point"
}
} }
}
}
it return true. i reload but i still have the same message on the map (cf screen shot) .
pipeline filter is running fine too. lat-lon are filled correctly.

"geoip": {
"properties": {
"city_name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"continent_name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"country_iso_code": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"location": {
"properties": {
"lat": {
"type": "float"
},
"lon": {
"type": "float"
}
}
},
"region_name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}

Christian_Dahlqvist · May 18, 2018, 6:09am

Once an index has defined a mapping for a field, you can not change that without reindexing your data. You should add the mapping to an index template so that it will apply to all new indices. You can then reindex your data into new indices and this template will apply and correct your mapping.

warkolm · May 18, 2018, 7:23am

You are defining a geoip.location field, but the pipeline creates geoip.lat and geoip.lon.

bruno-d · May 18, 2018, 7:31pm

reindex your data into new indices:

I created a template my_logs with geo_point using PUT /_template/my_logs.

I know how to reindex logstach-* to a new index nlogstash* using Post _reindex

POST _reindex
{
"source": {
"index": "logstash-*"
},
"dest": {
"index": "nlogstash-2018-05",
"version_type": "internal"
}
}

but i don't know how to apply the template my_logs to the newindex because when i created a map with nlogstash- i have the same issue with geo_point ?

22870×726 44.4 KB

PUT /_template/my_logs
{
"template": "logstash-",
"order": 1,
"settings": {
"number_of_shards": 1
},
"mappings" : {
"default" : {
"_all" : {"enabled" : true},
"dynamic_templates" : [ {
"string_fields" : {
"match" : "",
"match_mapping_type" : "string",
"mapping" : {
}
}
} ],
"properties" : {
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"location" : { "type" : "geo_point" }
}
}
}
}
}
}

bruno-d · May 21, 2018, 11:12am

heya, can you check my last reply please ? thanks

bruno-d · May 22, 2018, 8:43am

Hi, I created a template adding geo_point. The template is fine. I reindex my old index to a new one but the template does not apply ? might miss something see previous message. thanks in advance. regards

system · June 19, 2018, 8:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Geop.location not of geo_pooint. elastic.co 5.6.4 on RPI3 Elasticsearch	15	1751	July 1, 2018
Geo_point issue, need help in identifying the issue Elasticsearch	5	686	December 26, 2019
GeoIP data present but cannot be displayed Kibana	10	1631	May 16, 2018
Still has the problem that index pattern does not contain any of the following field types: geo_point Elasticsearch	4	424	November 29, 2018
[geoip.location is not of type geo_point] Index pattern does not contain any of the following field types: geo_point Elasticsearch	4	10207	August 31, 2017

Geo_point : elastisearch 5.6.4 on RPI3

Related topics