What is the correct way to specify mappings for "geo point" data type to index geo information documents in an elasticsearch index?

Elastic Stack Elasticsearch
1

I have configured a logstash pipeline in which I have used filter "logstash-filter-geoip" for getting geo information about the IP Address.I have specified mapping before indexing documents into elasticsearch but it is showing this below error in logstash while indexing documents into elasticsearch.

[WARN ] 2021-03-24 16:35:41.900 [[main]>worker0] elasticsearch - Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"test1", :routing=>nil, :_type=>"_doc"}, #<LogStash::Event:0xc7c54f6>], :response=>{"index"=>{"_index"=>"test1", "_type"=>"_doc", "_id"=>"bwTpY3gB09SioyeoXtLa", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [myloc] of type [geo_point]", "caused_by"=>{"type"=>"parse_exception", "reason"=>"field must be either [lat], [lon] or [geohash]"}}}}}

This is the mapping which I have done before indexing documents into elasticsearch.

PUT /test1
{
  "mappings": {
    "properties": {
      "location": {
        "type": "geo_point"
      }
    }
  }
}

This is the document which contains geographical information.

{
         "myloc" => {
              "latitude" => 47.6348,
           "region_code" => "WA",
              "timezone" => "America/Los_Angeles",
                    "ip" => "3.7.23.139",
         "country_code2" => "US",
         "country_code3" => "US",
             "longitude" => -122.3451,
              "dma_code" => 819,
           "region_name" => "Washington",
          "country_name" => "United States",
              "location" => {
            "lon" => -122.3451,
            "lat" => 47.6348
        },
             "city_name" => "Seattle",
        "continent_code" => "NA",
           "postal_code" => "98109"
    },
      "@version" => "1",
    "@timestamp" => 2021-03-24T11:05:40.821Z,
          "host" => "0.0.0.0",
       "message" => "3.7.23.139"
}

This is my logstash configuration pipeline:-

input {
        stdin {}
}

filter {
        geoip {
                source => "message"
                target => "myloc"
        }
}

output {
        stdout {}
        elasticsearch {
                hosts => ["http://localhost:9200"]
                user => "${USERNAME}"
                password => "${PASSWD}"
                index => "test1"
        }
}

Please provide some solution.

2

Could you run

GET /test1/_mapping

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

image
image764×92 16.4 KB

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.

3

This is my mapping:-

GET /test1/_mapping

{
  "test1" : {
    "mappings" : {
      "properties" : {
        "myloc" : {
          "type" : "geo_point"
        }
      }
    }
  }
}
4

How do you explain that:

PUT /test1
{
  "mappings": {
    "properties": {
      "location": {
        "type": "geo_point"
      }
    }
  }
}

becomes

{
  "test1" : {
    "mappings" : {
      "properties" : {
        "myloc" : {
          "type" : "geo_point"
        }
      }
    }
  }
}

So probably you diid not share initially the exact information. That makes harder to help you.

Anyway, here the problem is that the geo_point needs to be set on field myloc.location and not myloc.

5

I have tried this and I have also added geotemplate for my index.Now that error is solved.
Can you tell me how can I plot this geoinformation on kibana maps? I am using kibana version 7.11.1

6

That's another question. Please open a question in #elastic-stack:kibana then.

7

Ok.Thanks for your help

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.