Logstash: 5.1.1
Kibana : 5.1.1
Elasticsearch: 5.1.1
Hi,
I have created a sample file with some lat and longs to visualize in Kibana 5.
input {
file {
path => "sample.log"
type => "ips"
start_position => "beginning"
sincedb_path => "/dev/null"
ignore_older => 0
}
}
filter {
grok {
match => {
"message" => "%{NOTSPACE} %{NOTSPACE} %{NUMBER:lat} %{NUMBER:lon}"
}
}
mutate {
convert => {
"lat" => "float"
"lon" => "float"
}
add_field => {
"[geoip][location]" => [ "%{lon}", "%{lat}" ]
"[geoip][latitude]" => "%{lat}"
"[geoip][longitude]" => "%{lon}"
}
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => "localhost"
index => "geoip"
}
}
When i run the file in Kibana, go to visualize->tileMap, I get the message:
No results found
The mapping looks like this:
{
"geoip" : {
"mappings" : {
"geoip" : {
"properties" : {
"geo" : {
"properties" : {
"coordinates" : {
"type" : "geo_point"
}
}
}
}
},
"lat" : {
"properties" : {
"@timestamp" : {
"type" : "date"
},
"@version" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"geoip" : {
"properties" : {
"latitude" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"location" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"longitude" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"host" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"lat" : {
"type" : "float"
},
"lon" : {
"type" : "float"
},
"message" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"path" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
}
}
}
}
I was able to visualize this in Kibana 4, I am not sure what the difference in changing the versions makes. Please help me out!