Kibana coordinate map doesn't load after installing kibana on centos 7

yaser · December 15, 2017, 4:42pm

why after installing kibana 5.6.3 and insert location data to it , i want to visualize data by coordinate map chart in kibana but there is a problem , coordinate map doesnt load , !!!! after searching I concluded
that update all of my servers , but after installing 6.1 version ,The error persists

My OS : CentOS7
My Cluster : 5 elasticsearch server

i do no why this isn't work !!!

thomasneirynck · December 15, 2017, 11:31pm

hi @yaser,

not 100% sure what could be wrong.

When you say that the Coordinate Map doesn't load, do you mean nothing happens when you click the Coordinate Map logo?

What is your mapping of your data? You also need at least one geo_point field in your mappings.

thanks,

yaser · December 16, 2017, 6:58am

after click coordinate map i set the geo_point with my mapping .

i mean , point show in empty screen and map not loaded , i see blank screen.

and this is my mapping : Elasticsearch default :

PUT my_index
{
"mappings": {
"my_type": {
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}

Krunal_kalaria · December 16, 2017, 10:40am

hey Yaser,

Can you show me your configuration file because you need to change the Mapping.

Elasticsearch has default mapping so you need to change the mapping in you logstash file you have to put geoip coordinates. And if you have not installed geo-ip plugin then its not working.

yaser · December 16, 2017, 11:40am

i haven't use logstash yet , this plugin must be installed in kibana or logstash you mean ??
this is my config file in kibana :

server.host: "192.168.1.10"
server.port: 5601
elasticsearch.url: "http://192.168.1.1:9200"
xpack.security.enabled: false
logging.dest: /kibana-repository/Log/kibana.log

this is all of my configuration file in kibana.yml

Krunal_kalaria · December 17, 2017, 1:27pm

@yaser,

Yes if you want coordinate map then its one plugin is their in elasticsearch ingest-geoip following is how to installed it:

sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-geoip

https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-geoip.html

yaser · December 17, 2017, 1:56pm

thank you , but there is a question , why when i run kibana on winodws i don't need to install any plugin ???? and map loaded compeletly

Krunal_kalaria · December 18, 2017, 4:00am

No in windows machine also you need to install plugins like ingest-geoip, x-pack etc. its not an in built.

if you want coordinate map or region map into kibana in windows machine then you have to install ingest-geoip plugin and you wants to change the mapping of it.

i have one geo-ip mapping i.e sharing with you:

{
"template" : "logstash-", //Here your index name that you create in your kibana
"version" : 50001,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : true, "omit_norms" : false},
"dynamic_templates" : [ {
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text",
"omit_norms" : false
}
}
}, {
"string_fields" : {
"match" : "",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text", "omit_norms" : false,
"fields" : {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date", "include_in_all": false },
"@version": { "type": "keyword", "include_in_all": false },
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"location": { "type": "geo_point" }
}
}
}
}

now next what you do put following in your configuration file like firewall.conf or any config file that you made it.

date { match => ["sourcetime","yyyy-MM-dd:HH:mm:ss"] }
geoip {
    source => "srcip"
    target => "geoip"
    add_field => [ "[geoip][coordinates]","%{[geoip][longitude]}" ]
    add_field => [ "[geoip][coordinates]","%{[geoip][latitude]}" ]
}
mutate {
    convert => [ "[geoip][coordinates]", "float"]
}

and restart your cluster i hope you understand well.

Thnks &regards,
@Krunal_kalaria

Krunal_kalaria · December 18, 2017, 4:03am

When all process are completed then just Delete the OLD index form your cluster and renew the index.

yaser · December 18, 2017, 5:59am

thank you so much , and can you please compelete this step for me an say , what json format can i send to this mapping??

\"location\" : {
    \"latitude\" : 41,
    \"longitude\" : 71

i use this format but logstash return this error ::

[2017-12-18T08:56:02,247][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch.
{:status=>400, :action=>["index", {:_id=>nil, :_index=>"index_test", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x1546c159], :response=>{"index"=>{"_index"=>"index_test", "_type"=>"doc", "_id"=>"4cQWaGABq4vMDUHKBmb8", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"illegal latitude value [269.9999986588955] for location"}}}}}

Krunal_kalaria · December 18, 2017, 6:45am

Welcome @yaser,
We are sending string format you try this string otherwise JSON has many formats you have to try all what format are you used i can not sure that you used string format but you just try others format also.

Thnks & Regards,

Krunal.k

system · January 15, 2018, 6:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.