Can you elaborate? I use the geoip filter all the time with kb4 and have no
problems
On 07/03/2015 9:10 am, "David Kleiner" david.kleiner@gmail.com wrote:
Hi,
Are there any plans to add calculating geohash to Logstash? Now that
Kibana4 is out and won't accept geo coordinates for its map
visualization...
When I try to create a tile map, the only aggregation field that shows up
in the left panel for geo coordinates is of type geohash, which I don't
have in the index, see screenshot.
On Friday, March 6, 2015 at 4:27:01 PM UTC-8, Mark Walkom wrote:
Can you elaborate? I use the geoip filter all the time with kb4 and have
no problems
On 07/03/2015 9:10 am, "David Kleiner" <david....@gmail.com <javascript:>>
wrote:
Hi,
Are there any plans to add calculating geohash to Logstash? Now that
Kibana4 is out and won't accept geo coordinates for its map
visualization...
On Friday, March 6, 2015 at 4:38:56 PM UTC-8, David Kleiner wrote:
Sure.
When I try to create a tile map, the only aggregation field that shows up
in the left panel for geo coordinates is of type geohash, which I don't
have in the index, see screenshot.
On Friday, March 6, 2015 at 4:27:01 PM UTC-8, Mark Walkom wrote:
Can you elaborate? I use the geoip filter all the time with kb4 and have
no problems
On 07/03/2015 9:10 am, "David Kleiner" david....@gmail.com wrote:
Hi,
Are there any plans to add calculating geohash to Logstash? Now that
Kibana4 is out and won't accept geo coordinates for its map
visualization...
ES needs a single lat+lon field to read. It or KB won't combine things.
On 06/03/2015 4:38 pm, "David Kleiner" david.kleiner@gmail.com wrote:
Sure.
When I try to create a tile map, the only aggregation field that shows up
in the left panel for geo coordinates is of type geohash, which I don't
have in the index, see screenshot.
On Friday, March 6, 2015 at 4:27:01 PM UTC-8, Mark Walkom wrote:
Can you elaborate? I use the geoip filter all the time with kb4 and have
no problems
On 07/03/2015 9:10 am, "David Kleiner" david....@gmail.com wrote:
Hi,
Are there any plans to add calculating geohash to Logstash? Now that
Kibana4 is out and won't accept geo coordinates for its map
visualization...
geoip.city_name Warsawtgeoip.continent_code EU*#geoip.coordinates
["21.0","52.25"]tgeoip.country_code2 PLtgeoip.country_code3 POLt*
geoip.country_name Polandtgeoip.ip 217.67.205.50*#geoip.latitude 52.25#*
geoip.location [21,52.25]#geoip.longitude 21tgeoip.real_region_name
Mazowieckietgeoip.region_name 78tgeoip.timezone Europe/Warsaw
Can please be so kind and post the part of your geoip filter in your
logstash.conf where handle the building of fields in order to use in tile
map of kb4?
Thanks in advance
Am Samstag, 7. März 2015 16:40:07 UTC+1 schrieb Mark Walkom:
ES needs a single lat+lon field to read. It or KB won't combine things
geoip.city_name Warsawtgeoip.continent_code EU*#geoip.coordinates
["21.0","52.25"]tgeoip.country_code2 PLtgeoip.country_code3 POLt*
geoip.country_name Polandtgeoip.ip 217.67.205.50*#geoip.latitude 52.25 #geoip.location [21,52.25]#geoip.longitude 21tgeoip.real_region_name
Mazowieckietgeoip.region_name 78t*geoip.timezone Europe/Warsaw
Can please be so kind and post the part of your geoip filter in your
logstash.conf where handle the building of fields in order to use in tile
map of kb4?
Thanks in advance
Am Samstag, 7. März 2015 16:40:07 UTC+1 schrieb Mark Walkom:
ES needs a single lat+lon field to read. It or KB won't combine things
Unfortunately not. I have the same problem what David described with his
screenshot. The only aggregation that shows up in the left panel for geo
coordinates is of type geohash and below there is no field to choose at all.
Am Dienstag, 17. März 2015 17:44:32 UTC+1 schrieb Mark Walkom:
It'll be able to read geoip.coordinates if you point to it.
Do I have to add some extra fields to the coordinates field as described
in http://www.tagwith.com/question_345822_kibana-3-geojson-vs-kibana4-geohash/
?
Problem here is that the logstash.conf does not seem to like 3-dim arrays
...
add_field => [ "[geoip][coordinates][lat_lon]", true ] does not work at
all. Perhaps I'mm wrong with the syntax?
The thing is: Now the autmatic mapping feature of logstash (described here http://logstash.net/docs/1.4.2/filters/geoip) is not taken into account.
So, it may be possible to manually create a mapping template (see http://logstash.net/docs/1.4.2/filters/geoip ... manage_template /
template) in the logstash output config.
Or you can stick to the default output index of logstash.
In my case, it's ES 1.4.4, KB4 4.0.1, I use logstash-forwarder to
logstash-forwarder input, rabbitmq output, geoip filter in logstash and ES
river plugin, no template.
Perhaps I should've created a dedicated template but I now have 3 years
worth of index data and reindexing it will be painful.
On Wednesday, March 18, 2015 at 1:46:51 PM UTC-7, Mark Walkom wrote:
That sounds really weird, I have a non-LS index with geopoints and I can
definitely read and plot these in KB4.
Are you running the latest KB4 release? What version of ES?
On 18 March 2015 at 07:36, Michael <bun...@gmail.com <javascript:>> wrote:
Ok, seems I resolved the issue:
In short: You have to use the default output index in logstash:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.