No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point

bianchi74 · December 6, 2017, 9:06am

Hi all,

when I try to create a "Coordinate Map" I receive the following error message:

No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point

My coordinates are converted into the following logstash config file:

filter {
    ...
    grok {
        match => { "iotEvent_location" => "%{NUMBER:lon} %{NUMBER:lat}" }
      }

      mutate {
                 rename => [ "lat", "[geoComplaint][location][lat]", "lon", "[geoComplaint][location][lon]" ]
             }

      mutate {
                 convert => [ "[geoComplaint][location][lat]", "float" ]
                 convert => [ "[geoComplaint][location][lon]", "float" ]
      }
}

output {
elasticsearch {
      hosts => "localhost:9200"
      index         => "logstash-%{+dd.MM.YYYY}"
      document_type => "iotEvent"
      template      => "/Users/iBianchi/Documents/_dev-tools/logstash-6.0.0/bin/logstash.json"
      template_name => "logstash"
      template_overwrite => true
  }
}

This is an extract of the mapping file I pass to logstash:

"mappings": {
    "iotEvent": {
      "properties": {
      ...
        "geoComplaint": {
                    "dynamic": true,
                    "type": "object",
                    "path": "full",
                    "properties": {
                        "location": {
                            "type": "geo_point"
                          }
                    },
        },
        ...
       "dynamic_templates": [
          {
            "string_template": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "type": "keyword"
              }
            }
          }
        ]

This is an extract of the mapping file returned by Elastic Search:

"geoComplaint" : {
                "properties" : {
                  "location" : {
                    "properties" : {
                      "lat" : {
                        "type" : "float"
                      },
                      "lon" : {
                        "type" : "float"
                      }
                    }
                  }
                }
              }

Finally, this is a document indexed by Elasticsearch:

{
  "_index": "logstash-05.12.2017",
  "_type": "iotEvent",
  "_id": "AWAq_n3-cKCic2a1eVPM",
  "_version": 1,
  "_score": null,
  "_source": {
    "event_certainty": 1,
    "geoComplaint": {
      "location": {
        "lat": 7.61528,
        "lon": 45.15471
      }
    },
    "body": "<SP V=\"62\" P=\"3\" E=\"35476\" S=\"35477\"/>",
    "version": 1,
    "event_type_id": 0,
    "iotEvent_location": "45.15471-7.61528",
    "@timestamp": "2017-12-05T04:36:20.000Z",
    "iotEvent_source": "http://services.infoblu.it/BITW/data?id=teamd26lkc",
    "temporal_granularity": null,
    "@version": "1",
    "attributes": {
      "sourceCode": "35477",
      "endCode": "35476",
      "offset": "3",
      "metric": "speed",
      "dstCoordinates": "45.13841-7.62777",
      "srcCoordinates": "45.15471-7.61528",
      "value": "62",
      "tags": "sourceCode,endCode,offset"
    },
    "id": "it.gov.daf.kafkaProducers.eventConverters.InfoBluTrafficConverter.1512448580000.2",
    "event_subtype_id": null,
    "event_annotation": null,
    "coords": "7.61528,45.15471",
    "ts": 1512448580000
  },
  "fields": {
    "@timestamp": [
      1512448580000
    ]
  },
  "sort": [
    1512448580000
  ]
}

I have the same problem using ELK 6.0.0 and ELK 5.6.4.
Can you help me?

Thanks!

LeeDr · December 6, 2017, 5:19pm

Hi Marco,

When you look in Kibana Management > Index Patterns and select your index pattern you need to see the type as geo_point as shown below. But based on the mapping you got back from Elasticsearch for your index I'm thinking you're not going to see that.

This is really a logstash/elasticsearch issue to get logstash mapping correct vs a Kibana issue so I'm probably not the best person to help you solve this issue. Here's some other related issues I found in the Kibana forum, but if these don't help you I recommend you search for geo_point in the logstash discuss channel.

Regasrds,
Lee

bianchi74 · December 13, 2017, 9:31am

Hi Lee,
thanks for your answer.
I think you are right: it seems logstash/elasticsearch issue because Kibana doesn't associate to my coordinates the geo_point type. Even if the mapping file seems to be correct, the field is incorrectly seen as a double...
I'll try to post the issue on the logstash channel.
Best regards,
Marco

system · January 10, 2018, 9:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No Compatible Fields: types: geo_point Elasticsearch	8	2865	July 22, 2018
"Getting started"-Coordinate Map - Tutorial brocken Kibana	6	449	August 16, 2018
The index pattern does not contain any of the following compatible field types: geo_point Kibana	3	603	August 18, 2019
Geo point issue Kibana	4	590	September 20, 2017
No Compatible Fields. index pattern has no field type geo_point Kibana	2	361	April 25, 2019

No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: geo_point

Related topics