无法在 kibana 的瓦片地图中显示位置
Unable to show location in tile map of kibana
我正在使用 Elasticsearch-1.5.1、Kibana-4.0.2-linux-x86、Logstash-1.4.2。
我的 logstash conf 是这样的
input{
redis{
data_type=>'list'
key=>'pace'
password=>'bhushan'
type=>pace
}
}filter {
geoip {
source => "mdc.ip"
target => "geoip"
database => "/opt/logstash-1.4.2/vendor/geoip/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
}
output{
if[type]=="pace"{
elasticsearch{
template_overwrite => true
host=>localhost
index=>'pace'
template => "/opt/logstash-1.4.2/mytemplates/elasticsearch-template.json"
template_name => "bhushan"
}
}
stdout{
codec=>rubydebug
}
}
我的 elasticsearch-template.json 是
{
"template" : "bhushan",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"_default_" : {
"_all" : {"enabled" : true},
"dynamic_templates" : [ {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fields" : {
"raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
}
}
}
} ],
"properties" : {
"@version": { "type": "string", "index": "not_analyzed" },
"geoip" : {
"type" : "object",
"dynamic": true
"properties" : {
"location" : { "type" : "geo_point" }
}
}
}
}
}
}
当我做 url curl http://localhost:9200/pace/_mapping/pace/field/geoip.location?pretty
{
"pace" : {
"mappings" : {
"pace" : {
"geoip.location" : {
"full_name" : "geoip.location",
"mapping" : {
"location" : {
"type" : "double"
}
}
}
}
}
}
}
日志记录示例如下
{
"thread_name" => "main",
"mdc.ip" => "14.X.X.X",
"message" => "Hii, I m in info",
"@timestamp" => "2015-05-15T10:18:32.904+05:30",
"level" => "INFO",
"file" => "Test.java",
"class" => "the.bhushan.log.test.Test",
"line_number" => "15",
"logger_name" => "bhushan",
"method" => "main",
"@version" => "1",
"type" => "pace",
"geoip" => {
"ip" => "14.X.X.X",
"country_code2" => "IN",
"country_code3" => "IND",
"country_name" => "India",
"continent_code" => "AS",
"region_name" => "16",
"city_name" => "Mumbai",
"latitude" => 18.974999999999994,
"longitude" => 72.82579999999999,
"timezone" => "Asia/Calcutta",
"real_region_name" => "Maharashtra",
"location" => [
[0] 72.82579999999999,
[1] 18.974999999999994
],
"coordinates" => [
[0] "72.82579999999999",
[1] "18.974999999999994"
]
}
}
我认为我的问题与 相同,所以我做了 link 中提到的所有事情,比如删除所有旧索引并重新启动 LS 和 ES,但没有成功。
感谢任何帮助。
您的 logstash 过滤器将坐标存储在字段 geoip.coordinates 中,但是在您的 elasticsearch-template.json 映射中,该字段称为 geoip.location。这显示在您的示例日志记录中,您可以在其中看到 geoip 子对象中的两个字段 location 和 coordinates。
我想如果你在你的 logstash 过滤器中改变它,你可能会很好:
由此
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
对此
add_field => [ "[geoip][location]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][location]", "%{[geoip][latitude]}" ]
更新
geoip 过滤器中的两个 add_field 指令可以删除,因为它们是不必要的"path": "full" 可以删除,因为它自 ES v1.0- 模板名称应为
pace而不是bushan,即存储日志记录的索引名称。
我正在使用 Elasticsearch-1.5.1、Kibana-4.0.2-linux-x86、Logstash-1.4.2。 我的 logstash conf 是这样的
input{
redis{
data_type=>'list'
key=>'pace'
password=>'bhushan'
type=>pace
}
}filter {
geoip {
source => "mdc.ip"
target => "geoip"
database => "/opt/logstash-1.4.2/vendor/geoip/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
}
output{
if[type]=="pace"{
elasticsearch{
template_overwrite => true
host=>localhost
index=>'pace'
template => "/opt/logstash-1.4.2/mytemplates/elasticsearch-template.json"
template_name => "bhushan"
}
}
stdout{
codec=>rubydebug
}
}
{
"template" : "bhushan",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"_default_" : {
"_all" : {"enabled" : true},
"dynamic_templates" : [ {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fields" : {
"raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
}
}
}
} ],
"properties" : {
"@version": { "type": "string", "index": "not_analyzed" },
"geoip" : {
"type" : "object",
"dynamic": true
"properties" : {
"location" : { "type" : "geo_point" }
}
}
}
}
}
}
当我做 url curl http://localhost:9200/pace/_mapping/pace/field/geoip.location?pretty
{
"pace" : {
"mappings" : {
"pace" : {
"geoip.location" : {
"full_name" : "geoip.location",
"mapping" : {
"location" : {
"type" : "double"
}
}
}
}
}
}
}
日志记录示例如下
{
"thread_name" => "main",
"mdc.ip" => "14.X.X.X",
"message" => "Hii, I m in info",
"@timestamp" => "2015-05-15T10:18:32.904+05:30",
"level" => "INFO",
"file" => "Test.java",
"class" => "the.bhushan.log.test.Test",
"line_number" => "15",
"logger_name" => "bhushan",
"method" => "main",
"@version" => "1",
"type" => "pace",
"geoip" => {
"ip" => "14.X.X.X",
"country_code2" => "IN",
"country_code3" => "IND",
"country_name" => "India",
"continent_code" => "AS",
"region_name" => "16",
"city_name" => "Mumbai",
"latitude" => 18.974999999999994,
"longitude" => 72.82579999999999,
"timezone" => "Asia/Calcutta",
"real_region_name" => "Maharashtra",
"location" => [
[0] 72.82579999999999,
[1] 18.974999999999994
],
"coordinates" => [
[0] "72.82579999999999",
[1] "18.974999999999994"
]
}
}
我认为我的问题与
您的 logstash 过滤器将坐标存储在字段 geoip.coordinates 中,但是在您的 elasticsearch-template.json 映射中,该字段称为 geoip.location。这显示在您的示例日志记录中,您可以在其中看到 geoip 子对象中的两个字段 location 和 coordinates。
我想如果你在你的 logstash 过滤器中改变它,你可能会很好:
由此
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
对此
add_field => [ "[geoip][location]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][location]", "%{[geoip][latitude]}" ]
更新
geoip过滤器中的两个add_field指令可以删除,因为它们是不必要的"path": "full"可以删除,因为它自 ES v1.0 以来已被弃用
- 模板名称应为
pace而不是bushan,即存储日志记录的索引名称。