Help on Geo Point Set up

spraveenjd · July 12, 2016, 2:43pm

I have logstatsh configured as below, and also I have deleted the logstatsh template using "curl -XDELETE 'http://localhost:9200/_template/logstash'"

input {
jdbc {
jdbc_driver_library => "/app/elk/lib/ojdbc7.jar"
jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver"
jdbc_connection_string => "jdbc:oracle:thin:@DATABASE CONNECTION"
jdbc_user => "username"
jdbc_password => "password"

            statement => "SELECT location_id, latitude, longitude, FROM addresses "
    }

}

filter {
if [latitude] and [longitude] {
mutate {
add_field => [ "[location][lat]", "%{latitude}"]
add_field => [ "[location][lon]", "%{longitude}"]
}
mutate {
convert =>{
"[location]" => "float"
}
}
mutate {
convert =>{
"latitude" => "float"
"longitude" => "float"
}
}
}
}

output {
elasticsearch {
index => "orders-location"
document_id => "%{location_id}"
document_type => "orderLoc"
hosts => ["elasticsearch.host.com:9200"]
}
}

Meantime modified the elasticsearch-template.json like below.

"properties" : {
"@timestamp": { "type": "date", "doc_values" : true },
"@version": { "type": "string", "index": "not_analyzed", "doc_values" : true },
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"ip": { "type": "ip", "doc_values" : true },
"location" : { "type" : "geo_point", "doc_values" : true },
"latitude" : { "type" : "float", "doc_values" : true },
"longitude" : { "type" : "float", "doc_values" : true }
}
},
"location": {
"type": "geo_point"
}
}

Still the Kibana is not getting the geo_point type to plot it

magnusbaeck · July 13, 2016, 5:28am

Please show us

the actual mapping of the most recent index that Logstash is inserting data into and
an example raw message after Logstash has processed it, either via a stdout { codec => rubydebug } output or extracted from Elasticsearch (e.g. via Kibana's JSON tab).

Somnath_Shantveer · July 14, 2016, 6:00pm

Based on your mapping, I think this should work.
Also as suggested by Magnus, please share your recent index.

filter {
	if [latitude] and [longitude] {
		mutate {
			add_field => [ "[geoip][location]", "%{longitude}"]
			add_field => ["[geoip][location]", "%{latitude}"]
		}
		mutate {
                       add_field => { "[geoip][longitude]" => "%{longitude}" }
                       add_field => { "[geoip][latitude]" => "%{latitude}" }
		}
	}
}