Troubles Displaying Geo Points on a Map

Hello,
I am trying to use maps initially to show geo points correlated to airports, which is static data for now but which in the future I want to somehow connect to my application health endpoints.

To create my map the following steps were performed:

  1. Created a geo template connected to my index pattern (which I created ahead).
    PUT _template/geotemplate
    {
      "index_patterns": ["airportgeolocation"],
      "settings": { },
      "mappings": {
        "properties": {
          "geolocation": {
            "type": "geo_point"
          }
        }
      }
    }
  2. Loaded data using a local Logstash pointing to my cloud Elastic running on an AKS. The data was something like:

2564,"Guarulhos - Governador André Franco Montoro International Airport","Sao Paulo","Brazil","GRU","SBGR",-23.435556411743164,-46.47305679321289,2459,-3,"S","America/Sao_Paulo","airport","OurAirports"

  3. Created my index pattern called airportgeolocation

I then:

  1. Went to Maps and created a new map
  2. Added a Layer
  3. Selected Documents from the list
  4. Gave a name - Airports
  5. Added a Tooltip field
  6. Set the label border as Large
  7. Saved and closed

Still nothing shows on the map.

I added a couple more airports after that but still no luck.

Whenever I go to inspect I can see that the request is bringing 7 hits though.

I am using:
Kibana: 7.6.2
Elastic: 7.6.2
Logstash: 7.6.2

@nreese would you be able to offer suggestions on this?

In the inspector tab, what does the response look like?

Hello @Nathan_Reese, thanks for the answer. Here is the copied text from the response:

{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 7,
    "max_score": 0,
    "hits": [
      {
        "_index": "airportgeolocation",
        "_type": "_doc",
        "_id": "wKxUWnEBATt_XpwlIkcp",
        "_score": 0
      },
      {
        "_index": "airportgeolocation",
        "_type": "_doc",
        "_id": "h6xTWnEBATt_XpwlDDja",
        "_score": 0
      },
      {
        "_index": "airportgeolocation",
        "_type": "_doc",
        "_id": "JqxSWnEBATt_XpwltjR5",
        "_score": 0
      },
      {
        "_index": "airportgeolocation",
        "_type": "_doc",
        "_id": "2KxSWnEBATt_XpwldjAp",
        "_score": 0
      },
      {
        "_index": "airportgeolocation",
        "_type": "_doc",
        "_id": "eKosWnEBATt_XpwlkSEx",
        "_score": 0
      },
      {
        "_index": "airportgeolocation",
        "_type": "_doc",
        "_id": "yqgWWnEBATt_Xpwl2fLP",
        "_score": 0
      },
      {
        "_index": "airportgeolocation",
        "_type": "_doc",
        "_id": "b6gTWnEBATt_Xpwl3Mk1",
        "_score": 0
      }
    ]
  }
}

That is interesting, the hits do not contain any geometries for your points. The response should look more like the below. What does the request look like? And what does the index mapping look like? Do your documents populate the selected geo field?

{
  "took": 8,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 245,
    "max_score": 0,
    "hits": [
      {
        "_index": "kibana_sample_data_logs",
        "_id": "iR9NWnEBHkFtYI-lGTL6",
        "_score": 0,
        "fields": {
          "geo.coordinates": [
            "34.2636194312945, -116.85447505675256"
          ]
        }
      },
      {
        "_index": "kibana_sample_data_logs",
        "_id": "iB9NWnEBHkFtYI-lGTL6",
        "_score": 0,
        "fields": {
          "geo.coordinates": [
            "41.55834525357932, -98.54618528857827"
          ]
        }
      },

Here is the request:

{
  "docvalue_fields": [
    "geolocation"
  ],
  "size": 10000,
  "_source": false,
  "stored_fields": [
    "geolocation"
  ],
  "script_fields": {},
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "2020-04-07T13:11:53.117Z",
              "lte": "2020-04-09T13:11:53.118Z",
              "format": "strict_date_optional_time"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}

The index mapping is the following:

{
  "mapping": {
    "_doc": {
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "@version": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "Airport_ID": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "Altitude": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "City": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "Country": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "DST": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "IATA": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "ICAO": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "Latitude": {
          "type": "float"
        },
        "Longitude": {
          "type": "float"
        },
        "Name": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "Source": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "Timezone": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "Type": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "database_time_zone": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "geoLocation": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "geolocation": {
          "type": "geo_point"
        },
        "host": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "message": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "tags": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        }
      }
    }
  }
}

Whenever I am loading them I start logstash like this: /usr/share/logstash/bin/logstash -f ./logstash_geolocation.conf

My Conf file is the following:

input {
  stdin { }
}

filter {
  csv {
    separator => ","
    columns => ["Airport_ID","Name","City","Country","IATA","ICAO","Latitude","Longitude","Altitude","Timezone","DST","database_time_zone","Type","Source"]
  }
  mutate {convert => ["Airport_ID", "string"] }
  mutate {convert => ["Name", "string"] }
  mutate {convert => ["City", "string"] }
  mutate {convert => ["Country", "string"] }
  mutate {convert => ["IATA", "string"] }
  mutate {convert => ["ICAO", "string"] }
  mutate {convert => ["Latitude", "float"] }
  mutate {convert => ["Longitude", "float"] }
  mutate {convert => ["Altitude", "string"] }
  mutate {convert => ["Timezone", "string"] }
  mutate {convert => ["DST", "string"] }
  mutate {convert => ["database_time_zone", "string"] }
  mutate {convert => ["Type", "string"] }
  mutate {convert => ["Source", "string"] }
  mutate {
    add_field => {
      "geoLocation" => "%{Latitude},%{Longitude}"
    }
  }
}

output {
  elasticsearch {
    hosts => ["elasticsearch-master.monitoring.svc.cluster.local:9200"]
    index => "airportgeolocation"
  }
  stdout { codec => rubydebug }
}

Your mapping has both: geolocation and geoLocation. Apparently your template is expecting all lowercase but your Logstash filter is adding the field with a capital L.
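
The mismatch pointed out in this answer can be caught mechanically. As an added example (not part of the original thread), this Python sketch scans a mapping for field names that differ only by letter case and lists `geo_point` fields that a sample event never populates. The mapping excerpt and sample event are constructed from the values posted above, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed excerpt of the mapping posted in the thread (only three fields kept).
MAPPING = json.loads("""
{"mapping": {"_doc": {"properties": {
  "Latitude":    {"type": "float"},
  "geoLocation": {"type": "text",
                  "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
  "geolocation": {"type": "geo_point"}
}}}}
""")

# Constructed event shaped like the thread's Logstash filter output (capital L).
SAMPLE_EVENT = {"Latitude": -23.435556411743164, "Longitude": -46.47305679321289,
                "geoLocation": "-23.435556411743164,-46.47305679321289"}


def find_properties(node):
    """Return the first 'properties' dict found (typed '_doc' or typeless mapping)."""
    if isinstance(node, dict):
        if isinstance(node.get("properties"), dict):
            return node["properties"]
        for child in node.values():
            found = find_properties(child)
            if found is not None:
                return found
    return None


def case_collisions(mapping):
    """Group top-level field names that differ only by letter case, with their types."""
    groups = defaultdict(dict)
    for name, spec in find_properties(mapping).items():
        groups[name.lower()][name] = spec.get("type", "object")
    return {key: names for key, names in groups.items() if len(names) > 1}


def unpopulated_geo_fields(mapping, event):
    """geo_point fields in the mapping that the event does not set under that exact name."""
    props = find_properties(mapping)
    return [name for name, spec in props.items()
            if spec.get("type") == "geo_point" and name not in event]


if __name__ == "__main__":
    print("case collisions:", case_collisions(MAPPING))
    print("geo_point fields never populated:", unpopulated_geo_fields(MAPPING, SAMPLE_EVENT))
```

A collision where one name is `geo_point` and its twin is dynamically mapped `text` is the signature of this problem: the template field exists but stays empty, while the data lands in a field the map layer cannot use.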

Thank you Jorge and @Nathan_Reese! Worked!
I erased my index, recreated everything and fixed my bulk/conf file.

Sorry for the dumb error!

No prob, glad we fixed it! :clap:
