How to create geo-point fields from longitude / latitude

Elastic Stack Elasticsearch
1

ELK 7.10.

I've used the geoip filter in logstash to get geo data from a remote IP Address. Now I have geo data appearing in elastic.

I want to be able to map these on a map chart and I don't understand how to do the next step. I know that I have to create a template in elastic to get a field of type geo_point but I'm not sure how exactly?

In elasticsearch I now have geoip.location.lat and geoip.location.lon which are both number field types. How do I now defined a field called geoip.location which is type geo_ip?

2

You need to map geoip.location as geo_point instead of mapping the lat and lon values

3

So I mapped a field called location as type geo_point like this

{
  "properties": {
    "location": {
      "type": "geo_point"
    }
  }
}

But all I have now is a new mapped field, I'm still getting geoip data but this location field isn't being used in new documents. How do I link latitude and longitude to this location field?

4

Could you share your logstash Pipeline?

You need to configure the location field as target field for your geo ip filter.

5

Okay so I have:-

  • mapped a field called location as type geo_point

  • configured the geoip filter in logstash to use location as a target.

    if [remote_ip] {
    geoip {
    source => "remote_ip"
    target => "localtion"
    }
    }

Is that right ? It's still not working though. Map chart recognises location as geo-spatial field but I don't see any data

6

Is there a typo? localtion Vs location

7

Yes, sorry. But is what I said correct?

8

I don't believe so. Look at what a document look like after the geoip filter.

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.