Hi,
I have loaded IP data to ES for geospatial visualization in Kibana. Awesome!
Is there a way to map non-IP data (e.g. City, addresses, etc) to ES for geospatial queries?
Frank.
You would need a database with that information to add a geopoint, but then you'd have to merge those together outside of ES.
I am not sure I understood.
Logstash comes with the GeoLiteCity database with these fields.
From the docs:
For the built-in GeoLiteCity database, the following are available: city_name, continent_code, country_code2, country_code3, country_name, dma_code, ip, latitude, longitude, postal_code, region_name and timezone.
Example row from the GeoLiteCity db
2245,"US","IL","Itasca","60143",41.9750,-88.0073,602,630
So if my data file has city="Itasca"... can I use the geoip filter like this?
geoip
{
source => "city"
target => "geoip"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate { convert => ["[geoip][coodinates]", "float"] }
Nope because it expects an IP, not a city name.
I wrote some code a while back that integrates city/state info from Geonames into Elasticsearch geopoints. The project is here: https://github.com/GSA/jobs_api
The most relevant files for your question are https://github.com/GSA/jobs_api/blob/master/app/models/geoname.rb and https://github.com/GSA/jobs_api/blob/master/lib/importers/geonames_data.rb.
In my case I have job openings, and each one is tied to a city (or multiple cities). I use Geonames to resolve the city to a geopoint and then store that geopoint in the job opening document. Then Elasticsearch geo_distance sorting lets me find the nearest job opening to the searcher's geo location.
Thanks! I will take a look.
I figured. Hopefully an enhancement down the road since the data is available in the geolite db.