Mapping geo_point data type in logstash

chinmoyd · November 7, 2018, 7:45am

In my input JSON to logstash( input from a postgreSQL query), I have a string field containing the geolocation(example: 22.572645, 88.363892). The field name is payergeocode. When this data is going to Kibana through Elasticsearch, it is not getting any geo_point data type. Please suggest what do I need to write in logstash.conf that will do the conversion.

I have tried the following and it did not work.
filter{
if [type] == "cases"{
mutate{
convert => {
"payergeocode" => "geo_point"
}
}
}
}

Logstash version is 6.4.2. Elasticsearch version is 6.4.2

Christian_Dahlqvist · November 7, 2018, 7:59am

Converting fields in a mutate block just changes how they are represented in the JSON document sent to Elasticsearch. As geo_point fields are not represented in any special way in the JSON document, but rather interpreted in Elasticsearch, you can not cast this in Logstash. You instead need to use an index template that contains the correct mapping.

chinmoyd · November 7, 2018, 9:13am

Thanks for the quick reply.

I have created a mapping as below:
http://172.18.17.207:9200/_template/geotypetemplate_2
{
"index_patterns" : ["case*"],
"mappings": {
"doc": {
"properties": {
"case_id": {
"type": "keyword"
},
"crtn_ts": {
"type": "date"
},
"payergeocode": {
"type": "geo_point"
}
}
}
}
}

My SQL query is: select case_id, crtn_ts, payergeocode from frm_gateway.frm_case

But when I start logstash, Elasticsearch gives the following error:
[2018-11-07T14:35:04,766][DEBUG][o.e.a.b.TransportShardBulkAction] [casegs][0] failed to execute bulk item (update) BulkShardRequest [[casegs][0]] containing [update {[casegs][caseg][ISBIC05112018100001], doc_as_upsert[true], doc[index {[casegs][caseg][ISBIC05112018100001], source[{"case_id":"ISBIC05112018100001","@timestamp":"2018-11-07T09:05:01.233Z","payergeocode":"22.572645,88.363892","type":"cases","@version":"1","crtn_ts":"2018-11-05T07:15:39.253Z"}]}], scripted_upsert[false], detect_noop[true]}]
java.lang.IllegalArgumentException: Rejecting mapping update to [casegs] as the final mapping would have more than 1 type: [caseg, doc]

Output in logstash.conf is as below:
output {
stdout { codec => rubydebug }
if [type] == "cases"{
elasticsearch {
index => "casegs"
document_type => "caseg"
document_id => "%{case_id}"
doc_as_upsert => true
action => "update"
hosts => ["172.18.17.207:9200"]
}
}

system · December 5, 2018, 9:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do i create field Types such as geo_point in a logstash conf file? Logstash	6	581	November 12, 2020
Facing Issue in converting geoip.location to geo_point datatype Elasticsearch	4	459	January 9, 2019
Geo_point - no compatible types Kibana	5	4670	July 6, 2017
GeoJSON from location/change datatype of location to Geo_Point Logstash	2	290	June 12, 2020
JSON latitude/longitude to geo_point Elasticsearch	5	12498	July 5, 2017

Mapping geo_point data type in logstash

Related topics