Template Creation for type geo_point in logstash

shashwat · September 19, 2017, 6:57am

Hi,

I have a csv file which contains Latitude_(A),Longitude_(A),Latitude_(B),Longitude_(B) fields. I want to use this data to put on coordinate map in Kibana.

I tried with following configuration:
mutate {
convert => { "Latitude_(A)" => "float" }
convert => { "Longitude_(A)" => "float" }
convert => { "Latitude_(B)" => "float" }
convert => { "Longitude_(B)" => "float" }
}

  mutate {
      rename => {
          "Latitude_(A)" => "[location][lat]"
          "Longitude_(A)" => "[location][lon]"
           "Latitude_(B)" => "[location][lat]"
          "Longitude_(B)" => "[location][lon]"
      }
  }

I tried to create a template for converting this to geo_point , like below:

"location" : { "type": "geo_point"}.

But I am not sure how to exactly use this template. Where should I keep this template?

Thanks,

warkolm · September 19, 2017, 8:05am

That's not valid, you will need two geopoint fields if you have two sets of coordinates. Otherwise it just over writes the first set.

shashwat · September 19, 2017, 8:09am

Thanks Mark for responding. Yes, I just checked in Kibana and it is overriding the previous one. Can you please help me out to setting up this? How can we provide two geopoint fields?

Thanks,

warkolm · September 19, 2017, 8:10am

Create another mutate + rename for the second location and you should be fine.

shashwat · September 19, 2017, 12:49pm

Thanks Mark, after putting another block for mutate+rename I can see now both the pair of lat/long but still I am not able to see them on the co-ordinate map. I see the following error:

"The "mapdata" index pattern does not contain any of the following field types: geo_point"

Following is the snapshot for the lat/longs captured:

warkolm · September 20, 2017, 12:38am

Ok great! Now let's make a change to the config;

mutate {
  add_field => [ "[location][coordinates]", "%{[location][lon]}" ]
  add_field => [ "[location][coordinates]", "%{[location][lat]}"  ]
}

This creates a single location.coordinates field, which Kibana needs.

Once you have that working we can look at the mapping.

system · October 18, 2017, 12:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do i create field Types such as geo_point in a logstash conf file? Logstash	6	581	November 12, 2020
Geo_point and geohash in logstash Logstash	14	3035	November 7, 2019
How to construct geo_point field from separate fields of latitude and longitude for Kibana 7.6? Logstash	3	1889	April 29, 2020
How to construct geo_point field from separate fields of latitude and longitude for Kibana 5.4? Logstash	5	24034	August 2, 2017
Generating geo_point based on a couple float Logstash	1	319	December 29, 2019

Template Creation for type geo_point in logstash

Related topics