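Problem description
I'm trying to create a Tile map on Kibana, with GEO location points.
For some reason, when I'm trying to create the map, I get the following message on Kibana:
My settings:
Logstash (version 2.3.1):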
filter {
    grok {
        match => {
            "message" => "MY PATTERN"
        }
    }
    geoip {
        source => "ip"
        target => "geoip"
        add_field => [ "location", "%{[geoip][latitude]}, %{[geoip][longitude]}" ] # added this extra field in case the nested field is the problem
    }
}
output {
    stdout { codec => rubydebug }
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "logs"
    }
}
When log input arrives, I can see it is parsed as it should be, and I do get the geoIP data for a given IP:
"geoip" => {
    "ip" => "XXX.XXX.XXX.XXX",
    "country_code2" => "XX",
    "country_code3" => "XXX",
    "country_name" => "XXXXXX",
    "continent_code" => "XX",
    "region_name" => "XX",
    "city_name" => "XXXXX",
    "latitude" => XX.0667,
    "longitude" => XX.766699999999986,
    "timezone" => "XXXXXX",
    "real_region_name" => "XXXXXX",
    "location" => [
        [0] XX.766699999999986,
        [1] XX.0667
    ]
},
"location" => "XX.0667, XX.766699999999986"
ElasticSearch (version 2.3.1):
GET /logs/_mapping returns:
{
    "logs": {
        "mappings": {
            "logs": {
                "properties": {
                    "@timestamp": {
                        "type": "date",
                        "format": "strict_date_optional_time||epoch_millis"
                    },
                    .
                    .
                    .
                    "geoip": {
                        "properties": {
                            .
                            .
                            .
                            "latitude": {
                                "type": "double"
                            },
                            "location": {
                                "type": "geo_point"
                            },
                            "longitude": {
                                "type": "double"
                            }
                        }
                    },
                    "location": {
                        "type": "geo_point"
                    }
                }
            }
        }
    }
}
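Kibana (version 4.5.0):
I do see all the data and everything seems to be fine.
Just when I go to "Visualize" -> "Tile map" -> "From a new search" -> "Geo Coordinates", I get this error message: No Compatible Fields: The "logs" index pattern does not contain any of the following field types: geo_point
Even though I see in the Elasticsearch mapping that the location type is geo_point.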
What am I missing?
Solution
Found the issue!
I called the index "logs". Changed the index name to "logstash-logs" (need logstash-* prefix) and everything started to function!
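An added example, not part of the original question or answer: a small diagnostic that walks a `_mapping` response shaped like the one in the question, lists every field mapped as geo_point, and reports whether the index name matches a template pattern. The sample mapping is constructed, `geo_point_fields` and `audit_mapping` are hypothetical helper names, and it assumes the index template shipped with Logstash's elasticsearch output is applied by the name pattern `logstash-*`.

```python
import fnmatch
import json

# Constructed sample shaped like the GET /logs/_mapping response in the question
# (Elasticsearch 2.x layout: index -> mappings -> type -> properties).
SAMPLE_MAPPING = json.loads("""
{
  "logs": {"mappings": {"logs": {"properties": {
    "@timestamp": {"type": "date"},
    "geoip": {"properties": {
      "latitude": {"type": "double"},
      "location": {"type": "geo_point"},
      "longitude": {"type": "double"}
    }},
    "location": {"type": "geo_point"}
  }}}}
}
""")

# Assumption: the index template shipped with Logstash's elasticsearch output
# is applied by the index-name pattern "logstash-*".
TEMPLATE_PATTERN = "logstash-*"


def geo_point_fields(properties, prefix=""):
    """Recursively collect dotted paths of fields mapped as geo_point."""
    found = []
    for name, spec in sorted(properties.items()):
        path = prefix + name
        if spec.get("type") == "geo_point":
            found.append(path)
        # Object fields carry their children under a nested "properties" key.
        if "properties" in spec:
            found.extend(geo_point_fields(spec["properties"], path + "."))
    return found


def audit_mapping(mapping_response, pattern=TEMPLATE_PATTERN):
    """Per index: does the name match the pattern, and which fields are geo_point?"""
    report = {}
    for index, body in mapping_response.items():
        fields = []
        for doc_type in body.get("mappings", {}).values():
            fields.extend(geo_point_fields(doc_type.get("properties", {})))
        report[index] = {
            "matches_template": fnmatch.fnmatchcase(index, pattern),
            "geo_point_fields": sorted(set(fields)),
        }
    return report
```

Calling `audit_mapping` on the parsed JSON of a real `GET /<index>/_mapping` response gives the same report for a live index.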