Geo IP filter not creating geo point type Elastic Stack

Time:09-03

I'm working on a Logstash pipeline. I am using the geoip filter. When viewing the logs, I can see the location.lat and the location.lon, both as floats, but I don't see a type that is a geoPoint.

My pipeline filter

    geoip {
       id => "f5_bigip_ltm_src_geo"
       source => "[clientip]"
       #fields => [ "city_name", "continent_code", "country_name", "latitude", "longitude", "location", "postal_code", "region_name", "isp", "timezone" ]
       cache_size => "4096"
       #tag_on_failure => ["_geoip_failure_ltm"]
    }

Generated fields:

[Screenshot of the generated fields; image not preserved]

CodePudding user response:

Logstash does not have support for a geo_point data type. You have to use a mapping in Elasticsearch. When ECS compatibility is disabled (which used to be the default) the default target for the geoip filter is [geoip], and the default template for an elasticsearch output sets the mapping for that field to be geo_point. Logstash would send the geoip field to Elasticsearch as a JSON object { "geoip": { "location": { "lat": 41.12, "lon": -71.34 } } }. That is one of several formats that Elasticsearch will convert to a geo_point provided that there is a mapping telling it to do so.

When ECS compatibility is enabled the target varies, but you still need a mapping in Elasticsearch.
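
The mapping the answer refers to, as an added example that is not part of the original answer: a request body for Elasticsearch's `PUT _index_template/<name>` API that maps geoip.location (the non-ECS default target) as geo_point. The index pattern f5-ltm-* and the priority value are assumptions; set them to match the index your elasticsearch output writes to.

```json
{
  "index_patterns": ["f5-ltm-*"],
  "priority": 200,
  "_meta": {
    "description": "Added example. The index pattern f5-ltm-* and priority 200 are assumed values, not taken from the original post."
  },
  "template": {
    "mappings": {
      "properties": {
        "geoip": {
          "properties": {
            "location": { "type": "geo_point" }
          }
        }
      }
    }
  }
}
```

Index templates are applied only when an index is created, and the type of a field that is already mapped cannot be changed. An index that already holds location.lat and location.lon as floats has to be recreated or reindexed into a new index before the geo_point type shows up.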
