What is the difference between geo_point and geohash in ELK? It is somehow becoming more difficult to write geodata into elastic using pure java code. Is there a specific library to use in Java or what is the way to go about it?
I have tried many means to achieve this but none of them seem to work. Can you help please?

Could you share a bit more information of what you are trying to do, for example which client are you using and different approaches taken?

I am trying to insert some geo-points in the form of latitude and longitude using Java code. The scenario is: Elasticsearch and Kibana are installed on top of Docker on CentOS. Into that I am sending data using OSGi bundles written in Java. One of the data types is geo-points, which is not getting stored as 'geo_point' or 'geohash'. I have taken the reference from Flights sample data. And consulted the following links to understand inserting geo-data into Elastic database:

  1. https://www.baeldung.com/elasticsearch-geo-spatial
  2. https://www.elastic.co/guide/en/elasticsearch/reference/current/geo-point.html

The JSON mapping that I am sending from Java code is inserting all of the data, but storing the location data as String, which then cannot be visualized on Elastic Maps, or?
Plus, do I need to install something separately for Maps to work? I am using elasticsearch:6.5.3 and kibana:6.5.3.

Approaches taken were using external libraries to send geohash data directly from Java. Sample links:

  1. https://github.com/kungfoo/geohash-java
  2. https://mvnrepository.com/artifact/ch.hsr/geohash/1.3.0

If you have defined the datatype of your field as geo_point but the values are indexed as strings, it might mean there is a mismatch between your mapping and the document you are sending. You can try to set the dynamic property in your mapping to strict. If the above is true you should see an error:

https://www.elastic.co/guide/en/elasticsearch/reference/6.7/dynamic.html

You can post your mapping here and an example of the document you are sending, if possible.

You're right. I have the following mapping:

POST devmon:9200/event-2019.04.06/
{
  "severity": "INFO",
  "hostname": "devats",
  "ComplaintJob.Location": "48.85544,9.1794",
  "@timestamp": 1554456001686,
  "descriptor": "ComplaintJob",
  "message": "Complaint Resolved",
  "group": "Complaint"
}

And the error received is:

{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "Rejecting mapping update to [devmon:9200] as the final mapping would have more than 1 type: [event-2019.04.04-backup, event-2019.04.06]"
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "Rejecting mapping update to [devmon:9200] as the final mapping would have more than 1 type: [event-2019.04.04-backup, event-2019.04.06]"
  },
  "status": 400
}

Will the PUT mapping be needed every time I insert a new field?

What you post here is not the mapping but a document. You can get the mapping using the GET mapping API:

https://www.elastic.co/guide/en/elasticsearch/reference/6.7/indices-get-mapping.html

Mappings are defined once so no need to execute every time.

Query: GET event-2019.04.04/_mapping/_doc

Mapping:
{
  "event-2019.04.04" : {
    "mappings" : {
      "_doc" : {
        "dynamic_templates" : [
          {
            "only_keyword" : {
              "match_mapping_type" : "string",
              "mapping" : {
                "type" : "keyword"
              }
            }
          }
        ],
        "properties" : {
          "@timestamp" : {
            "type" : "date"
          },
          "client" : {
            "type" : "keyword"
          },
          "descriptor" : {
            "type" : "keyword"
          },
          "group" : {
            "type" : "keyword"
          },
          "hostname" : {
            "type" : "keyword"
          },
          "location" : {
            "properties" : {
              "lat" : {
                "type" : "float"
              },
              "lon" : {
                "type" : "float"
              },
              "type:" : {
                "type" : "keyword"
              }
            }
          },
          "message" : {
            "type" : "text"
          },
          "severity" : {
            "type" : "keyword"
          }
        }
      }
    }
  }
}

As you can see in the mapping, there is no geo_point field. There is a field called location.lat and another location.lon of type float.

There is something strange, because in your document the point is under the following field: "ComplaintJob.Location":"48.85544,9.1794". It does not match, but I see that the data and the mappings come from different indices: event-2019.04.04 vs event-2019.04.06

For example if I create this mapping:

PUT /event-2019.04.04/_mapping/_doc
{
  "dynamic": "strict",
  "properties": {
    "@timestamp": {
      "type": "date"
    },
    "client": {
      "type": "keyword"
    },
    "descriptor": {
      "type": "keyword"
    },
    "group": {
      "type": "keyword"
    },
    "hostname": {
      "type": "keyword"
    },
    "ComplaintJob.Location": {
          "type": "geo_point"
    },
    "message": {
      "type": "text"
    },
    "severity": {
      "type": "keyword"
    }
  }
}

Then I can successfully ingest the document you sent.
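The outcome discussed above can be checked offline before sending anything to the cluster. This is an added example, not code from the thread or from Elasticsearch: the function names are hypothetical, the sample document and mappings are abbreviated from the ones posted here, and the non-strict branch models only the thread's only_keyword dynamic template.

```python
import re
GEOHASH = re.compile(r"^[0-9b-hjkmnp-z]{1,12}$")  # geohash base32: no a, i, l, o

def flatten(properties, prefix=""):
    """Leaf path -> type; dotted names and nested "properties" are the same thing."""
    out = {}
    for name, spec in properties.items():
        if "properties" in spec:
            out.update(flatten(spec["properties"], prefix + name + "."))
        else:
            out[prefix + name] = spec["type"]
    return out

def valid_geo_point(v):
    """True for the input forms a geo_point field accepts."""
    try:
        if isinstance(v, dict):                      # {"lat": .., "lon": ..}
            lat, lon = float(v["lat"]), float(v["lon"])
        elif isinstance(v, (list, tuple)):           # [lon, lat] (GeoJSON order)
            lon, lat = (float(x) for x in v)
        elif isinstance(v, str) and "," in v:        # "lat,lon"
            lat, lon = (float(x) for x in v.split(","))
        else:                                        # geohash string
            return isinstance(v, str) and bool(GEOHASH.match(v))
    except (KeyError, TypeError, ValueError):
        return False
    return -90 <= lat <= 90 and -180 <= lon <= 180

def classify(properties, doc, strict):
    """Field path -> type it is indexed as, or why the document is rejected."""
    mapped, result = flatten(properties), {}
    def walk(obj, prefix):
        for key, value in obj.items():
            path = prefix + key
            if path in mapped:
                bad = mapped[path] == "geo_point" and not valid_geo_point(value)
                result[path] = "rejected: malformed geo_point" if bad else mapped[path]
            elif isinstance(value, dict):
                walk(value, path + ".")
            elif strict:
                result[path] = "rejected: strict_dynamic_mapping_exception"
            else:  # models the thread's only_keyword template: strings -> keyword
                result[path] = "keyword" if isinstance(value, str) else "dynamic"
    walk(doc, "")
    return result

# Constructed from the thread: the posted document and the two mappings, abbreviated.
DOC = {"severity": "INFO", "ComplaintJob.Location": "48.85544,9.1794"}
OLD = {"severity": {"type": "keyword"}, "location": {"properties": {"lat": {"type": "float"}, "lon": {"type": "float"}}}}
FIXED = {"severity": {"type": "keyword"}, "ComplaintJob.Location": {"type": "geo_point"}}
```

With OLD and strict off, the location lands as keyword, which is the "stored as String" symptom; with FIXED it is a geo_point, and a geohash string is simply another accepted input form for that same field type.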

It worked :blush:
On Friday itself, letting you know. Thank you very much for the help.
