Logstash filter geo_point with lat long?

Question

Logstash filter geo_point with lat long?

Part of my grok filter (worker) captures the following two fields:

% {NUMBER: XCent}% {NUMBER: YCent}

which are long, long points.

I try to add a location contact, but keep getting a configuration failure when I use the -debug flag in the configuration file

All my configuration works until I get this section.

if [XCent] and [YCent] { mutate { add_field => { "[location][lat]" => "%{XCent}" "[location][lon]" => "%{YCent}" } } mutate { convert => { "[location][lat]" => "float" "[location][lon]" => "float" } } mutate { convert => {"[location]", "geo_point"} } }

My thought was that this is basically what the elastic documentation for logstash 1.4 offers.

https://www.elastic.co/guide/en/elasticsearch/reference/1.4/mapping-geo-point-type.html

Edit: Found the best way to apply the configuration in the filter, updated code.

+5

logstash logstash-configuration

russOnXMaps Jul 30 '15 at 16:12

source share

1 answer

Aj · Answer 1 · 2016-08-09T06:01:59+0000

Third mutate filter is invalid. convert takes a hash as an argument. And the actual conversions are integer, float, string and boolean. You do not need this filter, so you can simply remove it.

To set the location field as a geo_point type, you need to modify the Elasticsearch index template that you use for your data.

Logstash filter geo_point with lat long?

More articles: