why after installing kibana 5.6.3 and insert location data to it , i want to visualize data by coordinate map chart in kibana but there is a problem , coordinate map doesnt load , !!!! after searching I concluded
that update all of my servers , but after installing 6.1 version ,The error persists
My OS : CentOS7
My Cluster : 5 elasticsearch server
i do no why this isn't work !!!
hi @yaser,
not 100% sure what could be wrong.
When you say that the Coordinate Map doesn't load, do you mean nothing happens when you click the Coordinate Map logo?
What is your mapping of your data? You also need at least one geo_point field in your mappings.
thanks,
after click coordinate map i set the geo_point with my mapping .
i mean , point show in empty screen and map not loaded , i see blank screen.
and this is my mapping : Elasticsearch default :
PUT my_index
{
"mappings": {
"my_type": {
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
hey Yaser,
Can you show me your configuration file because you need to change the Mapping.
Elasticsearch has default mapping so you need to change the mapping in you logstash file you have to put geoip coordinates. And if you have not installed geo-ip plugin then its not working.
i haven't use logstash yet , this plugin must be installed in kibana or logstash you mean ??
this is my config file in kibana :
server.host: "192.168.1.10"
server.port: 5601
elasticsearch.url: "http://192.168.1.1:9200"
xpack.security.enabled: false
logging.dest: /kibana-repository/Log/kibana.log
this is all of my configuration file in kibana.yml
Yes if you want coordinate map then its one plugin is their in elasticsearch ingest-geoip following is how to installed it:
sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-geoip
https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-geoip.html
thank you , but there is a question , why when i run kibana on winodws i don't need to install any plugin ???? and map loaded compeletly
No in windows machine also you need to install plugins like ingest-geoip, x-pack etc. its not an in built.
if you want coordinate map or region map into kibana in windows machine then you have to install ingest-geoip plugin and you wants to change the mapping of it.
i have one geo-ip mapping i.e sharing with you:
{
"template" : "logstash-", //Here your index name that you create in your kibana
"version" : 50001,
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : true, "omit_norms" : false},
"dynamic_templates" : [ {
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text",
"omit_norms" : false
}
}
}, {
"string_fields" : {
"match" : "",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text", "omit_norms" : false,
"fields" : {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date", "include_in_all": false },
"@version": { "type": "keyword", "include_in_all": false },
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"location": { "type": "geo_point" }
}
}
}
}
now next what you do put following in your configuration file like firewall.conf or any config file that you made it.
date { match => ["sourcetime","yyyy-MM-dd:HH:mm:ss"] }
geoip {
source => "srcip"
target => "geoip"
add_field => [ "[geoip][coordinates]","%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]","%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float"]
}
and restart your cluster i hope you understand well.
Thnks ®ards,
@Krunal_kalaria
When all process are completed then just Delete the OLD index form your cluster and renew the index.
thank you so much , and can you please compelete this step for me an say , what json format can i send to this mapping??
\"location\" : {
\"latitude\" : 41,
\"longitude\" : 71
i use this format but logstash return this error ::
[2017-12-18T08:56:02,247][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch.
{:status=>400, :action=>["index", {:_id=>nil, :_index=>"index_test", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x1546c159], :response=>{"index"=>{"_index"=>"index_test", "_type"=>"doc", "_id"=>"4cQWaGABq4vMDUHKBmb8", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"illegal latitude value [269.9999986588955] for location"}}}}}
Welcome @yaser,
We are sending string format you try this string otherwise JSON has many formats you have to try all what format are you used i can not sure that you used string format but you just try others format also.
Thnks & Regards,
Krunal.k
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.