Struggling with geo_point

jcas · September 23, 2018, 11:06am

Hey all,

I have a json log file that I want to plot onto maps in Kibana. A sample log entry looks like this:

{"ssid": "ABCDEFG", "@timestamp": "2018-09-22T17:20:35.000Z", "longitude": "12.345678901", "geo_point": "98.12345678,12.345678901", "device_type": "Client", "mac_address": "XX:XX:XX:XX:XX:XX", "latitude": "98.12345678", "rssi": "-55", "channel": "3", "manufacturer": "unknown"}

Kibana shows geo_point, latitude, and longitude as string types. I obviously need them to be geo_point in order to map them. This is my first time dealing with geo_point in kibana and I'm struggling to make sense of the various documentation articles on the matter.

What's the safest way to go about this? I can manipulate every point of this to include how the json log is written. Would it be best that I manipulate the json log format to be something like {"geopoint":{"latitude":"98.12345678", "longitude":"12.345678901"}} or would I be better off mutating this data in logstash or via elasticsearch?

If manipulating how the json data is written is not the correct way to go about this, step-by-step what do I need to do to configure the elastic stack to process this data correctly?

tylersmalley · September 25, 2018, 5:43am

You will need to make sure that the geo_point field is a geo_point type.

Here is the example I created:

PUT discuss-149588
{
    "settings" : {
        "number_of_shards" : 1
    },
    "mappings" : {
        "doc" : {
            "properties" : {
                "geo_point" : { "type" : "geo_point" },
                "device_type": { "type": "keyword" },
                "mac_address": { "type": "text" },
                "ssid": { "type": "keyword" }
            }
        }
    }
}

POST discuss-149588/doc
{
  "geo_point": "45.516020,-122.681430",
  "device_type": "Client",
  "mac_address": "XX:XX:XX:XX:XX:XX",
  "ssid": "ABCDEFG"
}

With this I can add the index pattern discuss-149588. On the index pattern page, you can verify that the geo_point the correct type:

Now, you can create a Coordinate Map using your new index.

system · October 23, 2018, 5:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JSON latitude/longitude to geo_point Elasticsearch	5	12500	July 5, 2017
Geo_point tile map Kibana	3	862	July 6, 2017
Logstash 6.2.3 convert json values to GeoPoint Issue Logstash	6	1223	October 31, 2018
Geopoint data type not getting updated Logstash	6	334	June 11, 2020
Problem with storing coordinates as geo_point Logstash	1	514	February 10, 2017

Struggling with geo_point

Related topics