0
我正在運行Elasticsearch版本1.5.2。 Logstash 1.5.4版。Elasticsearch geoip.location映射爲double而不是geo_point
大多數logstash設置爲默認:
geoip {
source => "ipaddress"
}
output {
elasticsearch {
host => "127.0.0.1"
port => 9200
protocol => http
user => searchguard
password => somepassword
}
在Kibana,當我嘗試建立瓦片地圖,我看到這個錯誤:
"No Compatible Fields: The "[logstash-]YYYY.MM.DD" index pattern does not contain any of the following field types: geo_point"
我檢查了映射 「http://localhost:9200/logstash-2015.09.15?pretty」 和geoip.location被映射爲double而不是geo_point。
任何建議如何正確映射?
更多信息:
捲曲-XGET本地主機:9200/logstash - 2015年9月15日/ _mapping
{
"logstash-2015.09.15": {
"mappings": {
"logs": {
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "string"
},
"csbytes": {
"type": "long"
},
"geoip": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "string"
},
"continent_code": {
"type": "string"
},
"country_code2": {
"type": "string"
},
"country_code3": {
"type": "string"
},
"country_name": {
"type": "string"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "string"
},
"latitude": {
"type": "double"
},
"location": {
"type": "double"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "string"
},
"real_region_name": {
"type": "string"
},
"region_name": {
"type": "string"
},
"timezone": {
"type": "string"
}
}
},
"ipaddress": {
"type": "string"
},
"log_timestamp": {
"type": "string"
},
"message": {
"type": "string"
},
"method": {
"type": "string"
},
"referer": {
"type": "string"
},
"scbytes": {
"type": "long"
},
"scstatus": {
"type": "long"
},
"tags": {
"type": "string"
},
"timetaken": {
"type": "long"
},
"useragent": {
"type": "string"
},
"username": {
"type": "string"
}
}
}
}
}
}
捲曲-XGET本地主機:9200/_template/logstash
這是空{ }
我使用的是默認值。我沒有編輯默認模板。
您可以使用'curl -XGET localhost:9200/logstash-2015.09.15/_mapping'的輸出和'curl -XGET localhost: 9200/_template/logstash'? – Val
Anwer的可能很清楚。如果沒有預定義的'geoip'映射,Elasticsearch將始終將其作爲'double \'的數組索引。你需要在你的模板中指定。它也適用於數據類型,如IP。輸出更新 –
。 – Dhrumil