Geo_point index create in Elasticsearch

ashok9177 · September 11, 2019, 7:31am

Hi All,

Below it the my logstash output conf file, as per the conf new Index will create on daily basis. how can I create these all indexes with geo_type ?

output {
elasticsearch {
hosts => ["localhost"]
user => 'elastic'
password => 'password'
manage_template => false
index => "file-%{+YYYY.MM.dd}"
}
}

Igor_Motov · September 16, 2019, 12:52pm

We would need to know more information about what you are trying to do in order to answer your question. Which geo_type for when fields, how you manage templates (since you disable logstash template management), etc.

ashok9177 · September 16, 2019, 3:22pm

can you please look into here Logstah geoIp filter for kibana Map

Igor_Motov · September 16, 2019, 3:47pm

@ashok9177 I am sorry, I really want to help, but I don't understand your questions, either here or in logstash forum.

ashok9177 · September 16, 2019, 4:02pm

Thank you so much for your reply, I will explain in details here,

I have sample log file here, there are cordinates in log message, I just want to display cordinates in kibana map

2019-09-10 13:47:45.678 [INFO] from application in pool-1-thread-21 - SegmentName : ID Verified Longitude : 39.954752, Latitude : 39.954752 for transactionId : oiou9P3JQ-gDoee2

My question is How to geoip filter to parse two coordinates ? and how to create geo_point type indexes in elasticsearch

Igor_Motov · September 16, 2019, 4:09pm

The answer for both questions is in the documentation. Did you try to read documentation?

ashok9177 · September 16, 2019, 4:23pm

I tried below filter but not working can you please give me same filter

mutate {
add_field => [ "[geoip][location]", "%{longitude}" ]
add_field => [ "[geoip][location]", "%{latitude}" ]
}

mutate {
convert => [ "[geoip][location]", "float" ]
}

}

Igor_Motov · September 16, 2019, 4:24pm

What's not working?

ashok9177 · September 16, 2019, 4:26pm

getting this error, I think it's index type issue I am creating on daily basis but no idea how convert it as geo_point index

output {
elasticsearch {
hosts => ["localhost"]
user => 'elastic'
password => 'password'
manage_template => false
index => "file-%{+YYYY.MM.dd}"
}
}

stephenb · September 16, 2019, 8:51pm

hi @ashok9177

You need to create a mapping first that has a geo_point data type first before you index the data

See This Thread is may help

ashok9177 · September 17, 2019, 9:37am

Hi @stephenb thanks for reply, I am confused with what logstash filter to use, can you please suggest me ?

system · October 15, 2019, 9:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.