How to construct geo_point field from separate fields of latitude and longitude for Kibana 5.4?

monai · July 4, 2017, 11:31am

From input data I have 2 fields of location - latitude and longitude.
How can I construct a geo_point location field to create map visualization in logstash config (version 5.4)?

Thank you.

Updated - Summarize of the steps need to construct geo_point:

Create an index at Elasticsearch
PUT my_index

Create a geo_point mapping type at the new created index

  PUT my_index/_mapping/my_type
  {
  	"my_type": {
  		"properties": {
  			"location": {
  				"type": "geo_point"
  			}
  		}
  	}
 }

Configure Logstash to map latitude and longitude to our created geo_point type

mutate {
    rename => {
        "longitude" => "[location][lon]"
        "latitude" => "[location][lat]"
    }
}

Run Logstash to load the data into Elasticsearch

magnusbaeck · July 4, 2017, 11:35am

You need to merge the values from those two fields into a single field. See https://www.elastic.co/guide/en/elasticsearch/reference/current/geo-point.html for the different kinds of field values that ES supports for geo_point fields.

Secondly, modify the mapping of the index so that the field is mapped as geo_point. This is typically done via an index template.

monai · July 4, 2017, 11:54am

As refer to the documentation you provided, I configured Logstash to add those 2 fields into location structure like this:

mutate {
    convert => { "longitude" => "float" }
    convert => { "latitude" => "float" }
}
mutate {
    rename => {
        "longitude" => "[location][lon]"
        "latitude" => "[location][lat]"
    }
}

Do I still need to manually mapping the index at Elasticsearch again by adding location field like this?

"mappings": {
	"logs": {
		"properties": {
			"eventid": {
				"type": "long"
			},
			"createdon": {
				"type": "date"
			},
			......
			"id": {
				"type": "long"
			},
            "location": {
                "type": "geo_point"
            }
		}
	}
}

Now the field location has created but there is no data appear in this field yet. Which method should I use to make the data appeared in this new field?

magnusbaeck · July 4, 2017, 12:44pm

Do I still need to manually mapping the index at Elasticsearch again by adding location field like this?

Yes.

Now the field location has created but there is no data appear in this field yet. Which method should I use to make the data appeared in this new field?

Let Logstash process your data (again).

monai · July 5, 2017, 12:59am

Now it works, thank you!

Summarize of the steps need to construct geo_point:

Create an index at Elasticsearch
PUT my_index

Create a geo_point mapping type at the new created index

  PUT my_index/_mapping/my_type
  {
  	"my_type": {
  		"properties": {
  			"location": {
  				"type": "geo_point"
  			}
  		}
  	}
 }

Configure Logstash to map latitude and longitude to our created geo_point type

mutate {
    rename => {
        "longitude" => "[location][lon]"
        "latitude" => "[location][lat]"
    }
}

Run Logstash to load the data into Elasticsearch

system · August 2, 2017, 1:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.