No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point

bianchi74 · December 6, 2017, 9:06am

Hi all,

when I try to create a "Coordinate Map" I receive the following error message:

No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point

My coordinates are converted into the following logstash config file:

filter {
    ...
    grok {
        match => { "iotEvent_location" => "%{NUMBER:lon} %{NUMBER:lat}" }
      }

      mutate {
                 rename => [ "lat", "[geoComplaint][location][lat]", "lon", "[geoComplaint][location][lon]" ]
             }

      mutate {
                 convert => [ "[geoComplaint][location][lat]", "float" ]
                 convert => [ "[geoComplaint][location][lon]", "float" ]
      }
}

output {
elasticsearch {
      hosts => "localhost:9200"
      index         => "logstash-%{+dd.MM.YYYY}"
      document_type => "iotEvent"
      template      => "/Users/iBianchi/Documents/_dev-tools/logstash-6.0.0/bin/logstash.json"
      template_name => "logstash"
      template_overwrite => true
  }
}

This is an extract of the mapping file I pass to logstash:

"mappings": {
    "iotEvent": {
      "properties": {
      ...
        "geoComplaint": {
                    "dynamic": true,
                    "type": "object",
                    "path": "full",
                    "properties": {
                        "location": {
                            "type": "geo_point"
                          }
                    },
        },
        ...
       "dynamic_templates": [
          {
            "string_template": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "type": "keyword"
              }
            }
          }
        ]

This is an extract of the mapping file returned by Elastic Search:

"geoComplaint" : {
                "properties" : {
                  "location" : {
                    "properties" : {
                      "lat" : {
                        "type" : "float"
                      },
                      "lon" : {
                        "type" : "float"
                      }
                    }
                  }
                }
              }

Finally, this is a document indexed by Elasticsearch:

{
  "_index": "logstash-05.12.2017",
  "_type": "iotEvent",
  "_id": "AWAq_n3-cKCic2a1eVPM",
  "_version": 1,
  "_score": null,
  "_source": {
    "event_certainty": 1,
    "geoComplaint": {
      "location": {
        "lat": 7.61528,
        "lon": 45.15471
      }
    },
    "body": "<SP V=\"62\" P=\"3\" E=\"35476\" S=\"35477\"/>",
    "version": 1,
    "event_type_id": 0,
    "iotEvent_location": "45.15471-7.61528",
    "@timestamp": "2017-12-05T04:36:20.000Z",
    "iotEvent_source": "http://services.infoblu.it/BITW/data?id=teamd26lkc",
    "temporal_granularity": null,
    "@version": "1",
    "attributes": {
      "sourceCode": "35477",
      "endCode": "35476",
      "offset": "3",
      "metric": "speed",
      "dstCoordinates": "45.13841-7.62777",
      "srcCoordinates": "45.15471-7.61528",
      "value": "62",
      "tags": "sourceCode,endCode,offset"
    },
    "id": "it.gov.daf.kafkaProducers.eventConverters.InfoBluTrafficConverter.1512448580000.2",
    "event_subtype_id": null,
    "event_annotation": null,
    "coords": "7.61528,45.15471",
    "ts": 1512448580000
  },
  "fields": {
    "@timestamp": [
      1512448580000
    ]
  },
  "sort": [
    1512448580000
  ]
}

I have the same problem using ELK 6.0.0 and ELK 5.6.4.
Can you help me?

Thanks!

LeeDr · December 6, 2017, 5:19pm

Hi Marco,

When you look in Kibana Management > Index Patterns and select your index pattern you need to see the type as geo_point as shown below. But based on the mapping you got back from Elasticsearch for your index I'm thinking you're not going to see that.

This is really a logstash/elasticsearch issue to get logstash mapping correct vs a Kibana issue so I'm probably not the best person to help you solve this issue. Here's some other related issues I found in the Kibana forum, but if these don't help you I recommend you search for geo_point in the logstash discuss channel.

Regasrds,
Lee

bianchi74 · December 13, 2017, 9:31am

Hi Lee,
thanks for your answer.
I think you are right: it seems logstash/elasticsearch issue because Kibana doesn't associate to my coordinates the geo_point type. Even if the mapping file seems to be correct, the field is incorrectly seen as a double...
I'll try to post the issue on the logstash channel.
Best regards,
Marco

system · January 10, 2018, 9:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
The index pattern does not contain any of the following compatible field types: geo_point Kibana	3	603	August 18, 2019
Geo point issue Kibana	4	590	September 20, 2017
No Compatible Fields. index pattern has no field type geo_point Kibana	2	361	April 25, 2019
Unable to use coordinates map Elasticsearch	36	1450	May 24, 2019
The index pattern access* does not contain any of the following compatible field types: geo_point Logstash	3	280	April 2, 2020

No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point

Related Topics