1. 首頁
  2. 問答
  3. 使用logstash將CSV地理數據轉換爲elasticsearch作爲geo_point類型

使用logstash將CSV地理數據轉換爲elasticsearch作爲geo_point類型

2016-03-07 48 views
3

下面是我用於最新版本的logstash和elasticsearch的問題的一個可重複使用的示例。使用logstash將CSV地理數據轉換爲elasticsearch作爲geo_point類型

我正在使用logstash將地理空間數據從csv輸入到elasticsearch中作爲geo_points。

的CSV如下所示:

$ head simple_base_map.csv 
"lon","lat" 
-1.7841,50.7408 
-1.7841,50.7408 
-1.78411,50.7408 
-1.78412,50.7408 
-1.78413,50.7408 
-1.78414,50.7408 
-1.78415,50.7408 
-1.78416,50.7408 
-1.78416,50.7408

我必須創建一個看起來像下面這樣的映射模板:

$ cat simple_base_map_template.json 
{ 
    "template": "base_map_template", 
    "order": 1, 
    "settings": { 
    "number_of_shards": 1 
    }, 

     "mappings": { 
     "node_points" : { 
      "properties" : { 
      "location" : { "type" : "geo_point" } 
      } 
     } 
     } 
}

,並有logstash配置文件看起來像以下:

$ cat simple_base_map.conf 
input { 
    stdin {} 
} 

filter { 
    csv { 
     columns => [ 
     "lon", "lat" 
     ] 
    } 

    if [lon] == "lon" { 
     drop { } 
    } else { 
     mutate { 
      remove_field => [ "message", "host", "@timestamp", "@version"  ] 
     } 
     mutate { 
      convert => { "lon" => "float" } 
      convert => { "lat" => "float" } 
      } 

     mutate { 
      rename => { 
       "lon" => "[location][lon]" 
       "lat" => "[location][lat]" 
      } 
     } 
    } 
} 

output { 
    stdout { codec => dots } 
    elasticsearch { 
     index => "base_map_simple" 
     template => "simple_base_map_template.json" 
     document_type => "node_points" 
    } 
}

然後我運行以下內容:

$cat simple_base_map.csv | logstash-2.1.3/bin/logstash -f simple_base_map.conf 
Settings: Default filter workers: 16 
Logstash startup completed 
....................................................................................................Logstash shutdown completed

但是看指數base_map_simple時,表明該文件將不會有一個位置:geo_point類型在它...而這將是緯度和經度兩個雙打。

$ curl -XGET 'localhost:9200/base_map_simple?pretty' 
{ 
    "base_map_simple" : { 
    "aliases" : { }, 
    "mappings" : { 
     "node_points" : { 
     "properties" : { 
      "location" : { 
      "properties" : { 
       "lat" : { 
       "type" : "double" 
       }, 
       "lon" : { 
       "type" : "double" 
       } 
      } 
      } 
     } 
     } 
    }, 
    "settings" : { 
     "index" : { 
     "creation_date" : "1457355015883", 
     "uuid" : "luWGyfB3ToKTObSrbBbcbw", 
     "number_of_replicas" : "1", 
     "number_of_shards" : "5", 
     "version" : { 
      "created" : "2020099" 
     } 
     } 
    }, 
    "warmers" : { } 
    } 
}

我將如何更改上述任何文件以確保它作爲geo_point類型進入彈性搜索?

最後,我希望能夠通過命令來進行對geo_points最近鄰居搜索,如以下幾點:

curl -XGET 'localhost:9200/base_map_simple/_search?pretty' -d' 
{ 
    "size": 1, 
    "sort": { 
    "_geo_distance" : { 
     "location" : { 
      "lat" : 50, 
      "lon" : -1 
     }, 
     "order" : "asc", 
     "unit": "m" 
    } 
    } 
}'

感謝

來源

2016-03-07 h.l.m

回答

3

的問題是,在你的elasticsearch輸出您命名索引base_map_simple而在您的模板中template屬性base_map_template,因此創建新索引時不應用模板。該template財產needs to somehow match的索引的名稱,以便正在創建的模板踢

它會工作,如果你簡單地改變後者base_map_*,即在:

{ 
    "template": "base_map_*",    <--- change this 
    "order": 1, 
    "settings": { 
    "index.number_of_shards": 1 
    }, 
    "mappings": { 
    "node_points": { 
     "properties": { 
     "location": { 
      "type": "geo_point" 
     } 
     } 
    } 
    } 
}

UPDATE

確保先刪除當前索引以及模板,即

curl -XDELETE localhost:9200/base_map_simple 
curl -XDELETE localhost:9200/_template/logstash

來源

2016-03-09 14:36:17 Val

+0

我得到以下錯誤'''意外的字符('「'(代碼34)):期待逗號分隔對象條目 at [Source:[B @ 41132e21; line:12,column:9] {:class =>「LogStash :: Json :: ParserError」,:level =>:error}'''當運行logstash –

+0

奇怪的是,它對我的​​工作很好。你確定你複製/粘貼上面的模板(並刪除了「<---改變這個」字符)? – Val

+0

還要注意,你需要首先刪除當前索引以及模板,例如'curl -XDELETE localhost:9200/base_map_simple' +'curl -XDELETE localhost:9200/_template/logstash' – Val

相關問題

 相關問題