Problem to convert lat and long for Kibana


(Martin Florian) #1

Hello,
I've been using the Elastic Stack for a few days and I'm having some difficulty converting latitude and longitude into the geo_point type. I have also tried many solutions from this forum but I can't resolve my problem. I work on Logstash 5.4; here is my conf file:

input {
  file{
    path => "C:\Users\martinfm\Documents\ELK\gps_again2.txt"
    start_position => "beginning"
    type => "caisse"
  }
}

filter{
    csv{
        separator => ","
        columns => ["numcr","nomcaisse","latitude","longitude"]
        }
		
	geoip { 
        source => "caissegps" 
        target => "geoip" 
        add_field => [ "[geoip][location]", "%{[longitude]}" ] 
        add_field => [ "[geoip][location]", "%{[latitude]}"  ] 
      } 
      mutate {
        convert => [ "[geoip][location]", "float" ]
      }
		
       
}

output {
  elasticsearch{ 
      hosts => "http://localhost:9200"
      index => "sfclog_gps"
	  template => "C:\Users\martinfm\Documents\ELK\logstash-5.4.0\etc\templates\project.json"
	  template_name => "gps_logstash"
	  template_overwrite => true
        }                   
} 

And here is the template I use:

{ 
    "template" : "gps_logstash", 
    "settings" : { "index.refresh_interval" : "60s" }, 
    "mappings" : { 
        "_default_" : { 
            "_all" : { "enabled" : false }, 
            "dynamic_templates" : [{ 
              "message_field" : { 
                "match" : "message", 
                "match_mapping_type" : "string", 
                "mapping" : { "type" : "string", "index" : "not_analyzed" } 
              } 
            }, { 
              "string_fields" : { 
                "match" : "*", 
                "match_mapping_type" : "string", 
                "mapping" : { "type" : "string", "index" : "not_analyzed" } 
              } 
            }],
			"properties" : {
				"@timestamp" : { "type" : "date", "format" : "dateOptionalTime" }, 
				"@version" : { "type" : "integer", "index" : "not_analyzed" }, 
				"numcr" : { "type" : "integer" }, 
				"nomcaisse" : { "type" : "string"},
				"geoip" : { "type" : "object", "properties" : { "location" : { "type" : "geo_point" } } }
			}
		}
	}
}

I saw this error in Kibana: No Compatible Fields: The "sfclog_gps" index pattern does not contain any of the following field types: geo_point

And I notice my field numcr isn't an integer in Kibana: host.keyword string

Does Logstash not use my template? If I try this: curl localhost:9200/_template/gps_logstash?pretty, I find my custom template. I don't understand.

Any idea what I am doing wrong here? Regards, Florian.

Sorry for my poor English.


(Magnus Bäck) #2

Because of

"template" : "gps_logstash", 

in your index template it'll only apply to indexes named "gps_logstash", but you're calling your index "sfclog_gps".


(Martin Florian) #3

Oh thanks, it works now and I have my point on the map, but I still have a little question about the template.
How do you use a template if you name the index like this: index => "example-%{+YYYY.MM.dd}"?
And why does it not work if I put this in my conf: template_name => "my_template"?


(Magnus Bäck) #4

With index => "example-%{+YYYY.MM.dd}" in your Logstash configuration you need "template": "example-*" in your index template.
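
A way to check, before shipping a config, whether an index template's "template" pattern will match the index name Logstash actually writes to. This is an added example, not code from the thread's participants; the function names are hypothetical, the date is constructed, and only the YYYY, MM and dd date tokens seen in the thread are handled.

```python
import re
from datetime import date

# Joda-style date tokens used in Logstash index names, mapped to strftime.
# Only the tokens that appear in this thread are handled (assumption).
JODA_TO_STRFTIME = {"YYYY": "%Y", "MM": "%m", "dd": "%d"}


def render_index(index_setting, day):
    """Expand %{+FORMAT} in a Logstash `index` setting for a given day."""
    def expand(match):
        fmt = match.group(1)
        for joda, strf in JODA_TO_STRFTIME.items():
            fmt = fmt.replace(joda, strf)
        return day.strftime(fmt)
    return re.sub(r"%\{\+([^}]+)\}", expand, index_setting)


def pattern_matches(pattern, index_name):
    """Match like an index template pattern: '*' is the only wildcard,
    every other character is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, index_name) is not None


def template_applies(template, index_setting, day):
    """Return (index_name, applies) for one template body and index setting."""
    name = render_index(index_setting, day)
    return name, pattern_matches(template["template"], name)


# Constructed sample data based on the values quoted in the thread.
SAMPLE_DAY = date(2017, 5, 30)  # arbitrary date, constructed
CASES = [
    ({"template": "gps_logstash"}, "sfclog_gps"),           # post #1: no match
    ({"template": "example-*"}, "example-%{+YYYY.MM.dd}"),  # post #4: match
]

if __name__ == "__main__":
    for template, index_setting in CASES:
        name, ok = template_applies(template, index_setting, SAMPLE_DAY)
        print(f"{template['template']!r} vs {name!r}: "
              f"{'applies' if ok else 'does NOT apply'}")
```

The match is made against the "template" field inside the template body; template_name in the Logstash output only sets the name under which the template is stored in Elasticsearch.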


(Martin Florian) #5

Thanks a lot! We can close the topic.

