Still has the problem that index pattern does not contain any of the following field types: geo_point

Elastic Stack Elasticsearch
1

logstash-6.2.4
elasticsearch-6.2.4
Here is the filter configuration in logstash:
geoip {
source => "src_ip"
target => "geoip"
database => "/usr/share/GeoIP/GeoLite2-City.mmdb"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float"]
}

And this is the geoip.location definition in elasticsearch mappings:
"location": {
"properties": {
"lat": {
"type": "float"
},
"lon": {
"type": "float"
}
}

If I applied mappings to es:
PUT my_index
{
"mappings": {
"_doc": {
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}

Another error happened:
[geoip.location] is defined as an object in mapping [doc] but this name is already used for a field in other types

This is not a new problem. However I can't find the workable solution from the discussion forum

2

Try this

geoip   {
        source => "src_ip"
        target => "geoip"
        add_field => [ "[geoip][coordinates]", "%{[geoip][location][lon]}" ]
        add_field => [ "[geoip][coordinates]", "%{[geoip][location][lat]}" ]
        }
 mutate {
        convert => [ "[geoip][coordinates]", "float" ]
3

It doesn't work.
No geoip.location field found in the index:
image

4

You need to delete the index, create the index with a proper mapping and reindex.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.