ELK - Kibana 无法识别 geo_point 字段
ELK - Kibana doesn't recognize geo_point field
我正在尝试在 Kibana 上创建带有 GEO 位置点的 Tile 地图。
出于某种原因,当我尝试创建地图时,我在 Kibana 上收到以下消息:
No Compatible Fields: The "logs" index pattern does not contain any of
the following field types: geo_point
我的设置:
Logstash(版本 2.3.1):
filter {
grok {
match => {
"message" => "MY PATTERN"
}
}
geoip {
source => "ip"
target => "geoip"
add_field => [ "location", "%{[geoip][latitude]}, %{[geoip][longitude]}" ] #added this extra field in case the nested field is the problem
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => ["localhost:9200"]
index => "logs"
}
}
当日志输入到达时,我可以看到它按应有的方式对其进行了解析,并且我确实获得了给定 IP 的 geoIp 数据:
"geoip" => {
"ip" => "XXX.XXX.XXX.XXX",
"country_code2" => "XX",
"country_code3" => "XXX",
"country_name" => "XXXXXX",
"continent_code" => "XX",
"region_name" => "XX",
"city_name" => "XXXXX",
"latitude" => XX.0667,
"longitude" => XX.766699999999986,
"timezone" => "XXXXXX",
"real_region_name" => "XXXXXX",
"location" => [
[0] XX.766699999999986,
[1] XX.0667
]
},
"location" => "XX.0667, XX.766699999999986"
ElasticSearch(版本 2.3.1):
获取 /logs/_mapping returns:
{
"logs": {
"mappings": {
"logs": {
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
.
.
.
"geoip": {
"properties": {
.
.
.
"latitude": {
"type": "double"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "double"
}
}
},
"location": {
"type": "geo_point"
}
}
}
}
}
}
Kibana(版本 4.5.0):
我确实看到了所有数据,一切似乎都很好。
就在我转到 "Visualize" -> "Tile map" -> "From a new search" -> "Geo Coordinates" 时,我收到此错误消息:
No Compatible Fields: The "logs" index pattern does not contain any of the following field types: geo_point
即使我在 elasticsearch 映射中看到位置类型是 geo_point。
我错过了什么?
找到问题了!
我称索引为"logs"。将索引名称更改为 "logstash-logs"(需要 logstash-* 前缀),一切开始运行!
我正在尝试在 Kibana 上创建带有 GEO 位置点的 Tile 地图。 出于某种原因,当我尝试创建地图时,我在 Kibana 上收到以下消息:
No Compatible Fields: The "logs" index pattern does not contain any of the following field types: geo_point
我的设置:
Logstash(版本 2.3.1):
filter {
grok {
match => {
"message" => "MY PATTERN"
}
}
geoip {
source => "ip"
target => "geoip"
add_field => [ "location", "%{[geoip][latitude]}, %{[geoip][longitude]}" ] #added this extra field in case the nested field is the problem
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => ["localhost:9200"]
index => "logs"
}
}
当日志输入到达时,我可以看到它按应有的方式对其进行了解析,并且我确实获得了给定 IP 的 geoIp 数据:
"geoip" => {
"ip" => "XXX.XXX.XXX.XXX",
"country_code2" => "XX",
"country_code3" => "XXX",
"country_name" => "XXXXXX",
"continent_code" => "XX",
"region_name" => "XX",
"city_name" => "XXXXX",
"latitude" => XX.0667,
"longitude" => XX.766699999999986,
"timezone" => "XXXXXX",
"real_region_name" => "XXXXXX",
"location" => [
[0] XX.766699999999986,
[1] XX.0667
]
},
"location" => "XX.0667, XX.766699999999986"
ElasticSearch(版本 2.3.1):
获取 /logs/_mapping returns:
{
"logs": {
"mappings": {
"logs": {
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
.
.
.
"geoip": {
"properties": {
.
.
.
"latitude": {
"type": "double"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "double"
}
}
},
"location": {
"type": "geo_point"
}
}
}
}
}
}
Kibana(版本 4.5.0):
我确实看到了所有数据,一切似乎都很好。
就在我转到 "Visualize" -> "Tile map" -> "From a new search" -> "Geo Coordinates" 时,我收到此错误消息:
No Compatible Fields: The "logs" index pattern does not contain any of the following field types: geo_point
即使我在 elasticsearch 映射中看到位置类型是 geo_point。 我错过了什么?
找到问题了! 我称索引为"logs"。将索引名称更改为 "logstash-logs"(需要 logstash-* 前缀),一切开始运行!