Geo_point index create in Elasticsearch

ashok9177 · September 11, 2019, 7:31am

Hi All,

Below it the my logstash output conf file, as per the conf new Index will create on daily basis. how can I create these all indexes with geo_type ?

output {
elasticsearch {
hosts => ["localhost"]
user => 'elastic'
password => 'password'
manage_template => false
index => "file-%{+YYYY.MM.dd}"
}
}

Igor_Motov · September 16, 2019, 12:52pm

We would need to know more information about what you are trying to do in order to answer your question. Which geo_type for when fields, how you manage templates (since you disable logstash template management), etc.

ashok9177 · September 16, 2019, 3:22pm

can you please look into here Logstah geoIp filter for kibana Map

Igor_Motov · September 16, 2019, 3:47pm

@ashok9177 I am sorry, I really want to help, but I don't understand your questions, either here or in logstash forum.

ashok9177 · September 16, 2019, 4:02pm

Thank you so much for your reply, I will explain in details here,

I have sample log file here, there are cordinates in log message, I just want to display cordinates in kibana map

2019-09-10 13:47:45.678 [INFO] from application in pool-1-thread-21 - SegmentName : ID Verified Longitude : 39.954752, Latitude : 39.954752 for transactionId : oiou9P3JQ-gDoee2

My question is How to geoip filter to parse two coordinates ? and how to create geo_point type indexes in elasticsearch

Igor_Motov · September 16, 2019, 4:09pm

The answer for both questions is in the documentation. Did you try to read documentation?

ashok9177 · September 16, 2019, 4:23pm

I tried below filter but not working can you please give me same filter

mutate {
add_field => [ "[geoip][location]", "%{longitude}" ]
add_field => [ "[geoip][location]", "%{latitude}" ]
}

mutate {
convert => [ "[geoip][location]", "float" ]
}

}

Igor_Motov · September 16, 2019, 4:24pm

What's not working?

ashok9177 · September 16, 2019, 4:26pm

getting this error, I think it's index type issue I am creating on daily basis but no idea how convert it as geo_point index

output {
elasticsearch {
hosts => ["localhost"]
user => 'elastic'
password => 'password'
manage_template => false
index => "file-%{+YYYY.MM.dd}"
}
}

stephenb · September 16, 2019, 8:51pm

hi @ashok9177

You need to create a mapping first that has a geo_point data type first before you index the data

See This Thread is may help

ashok9177 · September 17, 2019, 9:37am

Hi @stephenb thanks for reply, I am confused with what logstash filter to use, can you please suggest me ?

system · October 15, 2019, 9:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Geoip filter in logstash with Index Template not creating geo_point object as expected Kibana	6	1216	November 19, 2021
Logstash geo_point Logstash	16	615	October 25, 2018
How do i create field Types such as geo_point in a logstash conf file? Logstash	6	581	November 12, 2020
Geoip filter not creating type geo_point but only string type Logstash	3	287	June 18, 2020
How do you make geo_points in Elasticsearch 6.x? Elasticsearch	5	1705	January 19, 2018

Geo_point index create in Elasticsearch

Related Topics