How to create a geo_point field in logstash for a default index logstash-*

George_Cherian · July 6, 2018, 6:23am

Hi

How to make a field geo_point type in logstash itself , so that I don't need to initial create a index manually with geo_point temple and the use it in logstash , which is double work.

Thanks
George

warkolm · July 6, 2018, 6:33am

You should leverage templates for your mappings, that is the best way if you are using a non logstash- named index.

George_Cherian · July 6, 2018, 7:05am

how can it be done for logstash-named index?

warkolm · July 6, 2018, 7:18am

Are you changing the name of the field, or using the defaults from the geoip filter?

George_Cherian · July 6, 2018, 10:22am

I need the location field shown in the below snippet as geo_point , so for that can I use geoip plugin instead of mutate?

filter{
if[Site] == "Manassas"
{
mutate{
add_field => { "location" => "38.7509,-77.4753" }
}
}
........

warkolm · July 7, 2018, 7:13am

Ohh ok, now that makes sense. (Side note, posting your config can help get a resolution a bit quicker )

You may need to adapt the existing template, because the default one by Logstash uses geoip.location but you are using just location. Otherwise, just call that field geoip.location.

Topic		Replies	Views
Does logstash map to geo_point type when parsing geoip? Logstash	3	372	August 10, 2020
Geo_point and the logstash-* index Logstash	2	563	April 21, 2017
Default parsing of the geoip field: location? Logstash	9	844	March 6, 2017
Geoip.location not Auto Generated Kibana maps	6	601	January 7, 2021
Geoip filter in logstash with Index Template not creating geo_point object as expected Kibana	6	1350	November 19, 2021

How to create a geo_point field in logstash for a default index logstash-*

Related topics