Hi
How to make a field geo_point type in logstash itself , so that I don't need to initial create a index manually with geo_point temple and the use it in logstash , which is double work.
Thanks
George
You should leverage templates for your mappings, that is the best way if you are using a non logstash- named index.
how can it be done for logstash-named index?
Are you changing the name of the field, or using the defaults from the geoip filter?
I need the location field shown in the below snippet as geo_point , so for that can I use geoip plugin instead of mutate?
filter{
if[Site] == "Manassas"
{
mutate{
add_field => { "location" => "38.7509,-77.4753" }
}
}
........
Ohh ok, now that makes sense. (Side note, posting your config can help get a resolution a bit quicker 
)
You may need to adapt the existing template, because the default one by Logstash uses geoip.location but you are using just location. Otherwise, just call that field geoip.location.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.