How to set geo_point type from csv files using logstash?

Jun.8 · June 8, 2020, 1:35pm

Hi, I'm trying to set geo_point type from csv files which have latitude and longitude using logstash. But I really don't know how to convert latitude and longitude to location(geo_point type). I'm using logstash for this, but it seems that there is not enough information about it.
I found this way.

input {
  file {
    path => "/Users/kakao/Downloads/coronavirusdataset_20200601/Case.csv"
    start_position => "beginning"
    #sincedb_path => "/dev/null"    
  }
}
filter {
  csv {
      separator => ","
      columns => ["case_id","province","city","group","infection_case","confirmed","latitude","longitude"]
  }
  mutate {convert => ["latitude", "float"]}
  mutate {convert => ["longitude", "float"]}
  mutate {convert => ["confirmed", "float"]}
  mutate {rename => ["latitude", "[location][lat]"]}
  mutate {rename => ["longitude", "[location][lon]"]}
output {  
    elasticsearch {
        template => "/Users/kakao/Downloads/logstash-7.7.1/config/elasticsearch-template.json"
        template_overwrite => true
        action => "index"
        hosts => ["http://localhost:9200"]
        index => "logstash-%{+YYYY.MM.dd}"
        user => "user-name"
        password => "password"
        workers => 1
    }
    stdout {}
}

and this is my elasticsearch-template.json.

{
    "template" : "logstash-*",
    "settings" : {
      "index.refresh_interval" : "5s"
    },
    "mappings" : {
      "_default_" : {
        "_all" : {"enabled" : true, "omit_norms" : true},
        "dynamic_templates" : [ {
          "message_field" : {
            "match" : "message",
            "match_mapping_type" : "string",
            "mapping" : {
              "type" : "string", "index" : "analyzed", "omit_norms" : true,
              "fielddata" : { "format" : "disabled" }
            }
          }
        }, {
          "string_fields" : {
            "match" : "*",
            "match_mapping_type" : "string",
            "mapping" : {
              "type" : "string", "index" : "analyzed", "omit_norms" : true,
              "fielddata" : { "format" : "disabled" },
              "fields" : {
                "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
              }
            }
          }
        } ],
        "properties" : {
          "@timestamp": { "type": "date" },
          "@version": { "type": "string", "index": "not_analyzed" },
          "geoip"  : {
            "dynamic": true,
            "properties" : {
              "ip": { "type": "ip" },
              "location" : { "type" : "geo_point" },
              "latitude" : { "type" : "float" },
              "longitude" : { "type" : "float" }
            }
          },
    "location" : { "type": "geo_point" }
        }
      }
    }
  }

Finally, I got geoip.location which is geo_point type, but I couldn't find any data of geoip.location in discover. I only have location.lat, location.lon which are numbers. It means that I just have field, but no data in that field.

Rahul_Kumar4 · June 8, 2020, 2:56pm

You may have to refresh your index pattern from Kibana console for the new fields to appear if the index already existed from before and the mappings was changed.

Jun.8 · June 8, 2020, 3:12pm

The problem is like above. When I look at discover, it only has location.lat and location.lon fields. There is no geoip.location what I want....

Rahul_Kumar4 · June 8, 2020, 3:15pm

Did you try refreshing the index pattern?

Jun.8 · June 8, 2020, 3:17pm

Yes, I just have refreshed the index pattern, but it outputs same result.
Should I have datas related to "geoip" in the csv file I'm using? Cause I only have longitude and latitude datas...

ptamba · June 8, 2020, 6:27pm

change this to

mutate {rename => ["latitude", "[geoip][location][lat]"]}
  mutate {rename => ["longitude", "[geoip][location][lon]"]}

Jun.8 · June 12, 2020, 3:14pm

Thanks for your reply.. But it doesn't work anyway..
If like that, there is no geoip.location which is geo_point type.

ptamba · June 13, 2020, 1:59am

geo_point data type accepts latitude longitude pair. in your previous screenshot you already have geoip.location with geo_point data type. which means you only need to add lat-lon pair to that field, which is why i suggested the previous step.
latitude and longitude are stored as numeric float.

more info about geo_point

system · July 11, 2020, 2:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash type error conversion geo_point type field must be a number Logstash	1	363	May 30, 2021
GeoJSON from location/change datatype of location to Geo_Point Logstash	2	290	June 12, 2020
Geo_point in logstash Logstash	5	570	October 23, 2017
How do i create field Types such as geo_point in a logstash conf file? Logstash	6	581	November 12, 2020
Problem converting latitude and longitude into a geo point for Kibana Logstash	15	35270	July 6, 2017

How to set geo_point type from csv files using logstash?

Related Topics