Help in importing Geo location data to Elasticsearch using logstash

Prakash_Punj · January 25, 2018, 3:16pm

Hi !,

New to ELK so don't understand a bunch of thing here. I have a set of data in a csv with following fields:

Longitude, Latitude, Location1
-76.67759, 39.29402, "(39.2940200000, -76.6775900000)"

I am trying to convert longitude and latitude to geo_ip data type. Below is my conf file. It isn't working. Please let me know what am I missing. I am using ES 6.1 / logstash 6.1

filter {
csv {
separator => ","
columns => ["crimedate","crimetime","crimecode","location","description","inside_outside","weapon","post","district","neighborhood","longitude","latitude","location1","premise","total_incidents"]

}
date {
match => ["crimedate", "mm/dd/yy"]
match => ["crimetime", "HH:mm:ss"]
}
mutate {convert => ["total_incidents", "integer"]}
mutate {convert => ["longitude", "float"]}
mutate {convert => ["latitude", "float"]}

            mutate {
                            add_field => [ "[geoip][longitude]", "%{lon}" ]
                            add_field => [ "[geoip][latitude]", "%{lat}" ]
                                            }

    }

output {
elasticsearch {
hosts => "http://localhost:9200"
index => "md_crime"
document_type => "md_crime_data"
}
stdout {codec => rubydebug}
}

magnusbaeck · January 29, 2018, 8:39am

Have you checked out https://www.elastic.co/blog/geoip-in-the-elastic-stack?
Please show an example event produced by your stdout output.
Have you uploaded an index template that makes sure the md_crime index get the right mappings?

system · February 26, 2018, 8:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.