What is the correct way to specify mappings for "geo point" data type to index geo information documents in an elasticsearch index?

Husnain · March 24, 2021, 11:32am

I have configured a logstash pipeline in which I have used filter "logstash-filter-geoip" for getting geo information about the IP Address.I have specified mapping before indexing documents into elasticsearch but it is showing this below error in logstash while indexing documents into elasticsearch.

[WARN ] 2021-03-24 16:35:41.900 [[main]>worker0] elasticsearch - Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"test1", :routing=>nil, :_type=>"_doc"}, #<LogStash::Event:0xc7c54f6>], :response=>{"index"=>{"_index"=>"test1", "_type"=>"_doc", "_id"=>"bwTpY3gB09SioyeoXtLa", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [myloc] of type [geo_point]", "caused_by"=>{"type"=>"parse_exception", "reason"=>"field must be either [lat], [lon] or [geohash]"}}}}}

This is the mapping which I have done before indexing documents into elasticsearch.

PUT /test1
{
  "mappings": {
    "properties": {
      "location": {
        "type": "geo_point"
      }
    }
  }
}

This is the document which contains geographical information.

{
         "myloc" => {
              "latitude" => 47.6348,
           "region_code" => "WA",
              "timezone" => "America/Los_Angeles",
                    "ip" => "3.7.23.139",
         "country_code2" => "US",
         "country_code3" => "US",
             "longitude" => -122.3451,
              "dma_code" => 819,
           "region_name" => "Washington",
          "country_name" => "United States",
              "location" => {
            "lon" => -122.3451,
            "lat" => 47.6348
        },
             "city_name" => "Seattle",
        "continent_code" => "NA",
           "postal_code" => "98109"
    },
      "@version" => "1",
    "@timestamp" => 2021-03-24T11:05:40.821Z,
          "host" => "0.0.0.0",
       "message" => "3.7.23.139"
}

This is my logstash configuration pipeline:-

input {
        stdin {}
}

filter {
        geoip {
                source => "message"
                target => "myloc"
        }
}

output {
        stdout {}
        elasticsearch {
                hosts => ["http://localhost:9200"]
                user => "${USERNAME}"
                password => "${PASSWD}"
                index => "test1"
        }
}

Please provide some solution.

dadoonet · March 24, 2021, 3:33pm

Could you run

GET /test1/_mapping

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.

Husnain · March 25, 2021, 6:57am

This is my mapping:-

GET /test1/_mapping

{
  "test1" : {
    "mappings" : {
      "properties" : {
        "myloc" : {
          "type" : "geo_point"
        }
      }
    }
  }
}

dadoonet · March 25, 2021, 7:51am

How do you explain that:

PUT /test1
{
  "mappings": {
    "properties": {
      "location": {
        "type": "geo_point"
      }
    }
  }
}

becomes

{
  "test1" : {
    "mappings" : {
      "properties" : {
        "myloc" : {
          "type" : "geo_point"
        }
      }
    }
  }
}

So probably you diid not share initially the exact information. That makes harder to help you.

Anyway, here the problem is that the geo_point needs to be set on field myloc.location and not myloc.

Husnain · March 25, 2021, 7:55am

I have tried this and I have also added geotemplate for my index.Now that error is solved.
Can you tell me how can I plot this geoinformation on kibana maps? I am using kibana version 7.11.1

dadoonet · March 25, 2021, 8:01am

That's another question. Please open a question in #elastic-stack:kibana then.

Husnain · March 25, 2021, 8:08am

Ok.Thanks for your help

system · April 22, 2021, 8:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Still has the problem that index pattern does not contain any of the following field types: geo_point Elasticsearch	4	424	November 29, 2018
Mapping field as geo_point Logstash	3	1540	December 29, 2020
Geo_point and the logstash-* index Logstash	2	546	April 21, 2017
GeoIP Fields != desired geo_point type Logstash	4	952	March 21, 2017
Geo_point type doesn't match Elasticsearch	3	523	May 2, 2017

What is the correct way to specify mappings for "geo point" data type to index geo information documents in an elasticsearch index?

Related topics