How to construct geo_point field from separate fields of latitude and longitude for Kibana 5.4?

Elastic Stack Logstash
1

From input data I have 2 fields of location - latitude and longitude.
How can I construct a geo_point location field to create map visualization in logstash config (version 5.4)?

Thank you.

Updated - Summarize of the steps need to construct geo_point:

  1. Create an index at Elasticsearch
    PUT my_index

  2. Create a geo_point mapping type at the new created index

      PUT my_index/_mapping/my_type
  {
  	"my_type": {
  		"properties": {
  			"location": {
  				"type": "geo_point"
  			}
  		}
  	}
 }

  3. Configure Logstash to map latitude and longitude to our created geo_point type

    mutate {
    rename => {
        "longitude" => "[location][lon]"
        "latitude" => "[location][lat]"
    }
}

  4. Run Logstash to load the data into Elasticsearch

1 Like
2

You need to merge the values from those two fields into a single field. See https://www.elastic.co/guide/en/elasticsearch/reference/current/geo-point.html for the different kinds of field values that ES supports for geo_point fields.

Secondly, modify the mapping of the index so that the field is mapped as geo_point. This is typically done via an index template.

1 Like
3

As refer to the documentation you provided, I configured Logstash to add those 2 fields into location structure like this:

mutate {
    convert => { "longitude" => "float" }
    convert => { "latitude" => "float" }
}
mutate {
    rename => {
        "longitude" => "[location][lon]"
        "latitude" => "[location][lat]"
    }
}

Do I still need to manually mapping the index at Elasticsearch again by adding location field like this?

"mappings": {
	"logs": {
		"properties": {
			"eventid": {
				"type": "long"
			},
			"createdon": {
				"type": "date"
			},
			......
			"id": {
				"type": "long"
			},
            "location": {
                "type": "geo_point"
            }
		}
	}
}

Now the field location has created but there is no data appear in this field yet. Which method should I use to make the data appeared in this new field?

4

Do I still need to manually mapping the index at Elasticsearch again by adding location field like this?

Yes.

Now the field location has created but there is no data appear in this field yet. Which method should I use to make the data appeared in this new field?

Let Logstash process your data (again).

1 Like
5

Now it works, thank you!

Summarize of the steps need to construct geo_point:

  1. Create an index at Elasticsearch
    PUT my_index

  2. Create a geo_point mapping type at the new created index

      PUT my_index/_mapping/my_type
  {
  	"my_type": {
  		"properties": {
  			"location": {
  				"type": "geo_point"
  			}
  		}
  	}
 }

  3. Configure Logstash to map latitude and longitude to our created geo_point type

    mutate {
    rename => {
        "longitude" => "[location][lon]"
        "latitude" => "[location][lat]"
    }
}

  4. Run Logstash to load the data into Elasticsearch

3 Likes
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.