elasticsearch - Unable to show location in tile map of kibana -


i using elasticsearch-1.5.1, kibana-4.0.2-linux-x86, logstash-1.4.2. logstash conf this

input{      redis{          data_type=>'list'  		key=>'pace'  		password=>'bhushan'  		type=>pace      }  }filter {  	geoip {  		source => "mdc.ip"  		target => "geoip"  		database => "/opt/logstash-1.4.2/vendor/geoip/geolitecity.dat"  		add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]  		add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]  	}  }    output{      if[type]=="pace"{          elasticsearch{             template_overwrite => true             host=>localhost     index=>'pace'     template => "/opt/logstash-1.4.2/mytemplates/elasticsearch-template.json"     template_name => "bhushan"          }      }  	  	stdout{          codec=>rubydebug      }  }
elasticsearch-template.json is

{    "template" : "bhushan",    "settings" : {      "index.refresh_interval" : "5s"    },    "mappings" : {      "_default_" : {         "_all" : {"enabled" : true},         "dynamic_templates" : [ {           "string_fields" : {             "match" : "*",             "match_mapping_type" : "string",             "mapping" : {               "type" : "string", "index" : "analyzed", "omit_norms" : true,                 "fields" : {                   "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}                 }             }           }         } ],         "properties" : {           "@version": { "type": "string", "index": "not_analyzed" },           "geoip"  : {             "type" : "object",               "dynamic": true               "properties" : {                 "location" : { "type" : "geo_point" }               }           }         }      }    }  }

when url curl http://localhost:9200/pace/_mapping/pace/field/geoip.location?pretty

{   "pace" : {     "mappings" : {       "pace" : {         "geoip.location" : {           "full_name" : "geoip.location",           "mapping" : {             "location" : {               "type" : "double"             }           }         }       }     }   } }

example of log record like

{     "thread_name" => "main",          "mdc.ip" => "14.x.x.x",         "message" => "hii, m in info",      "@timestamp" => "2015-05-15t10:18:32.904+05:30",           "level" => "info",            "file" => "test.java",           "class" => "the.bhushan.log.test.test",     "line_number" => "15",     "logger_name" => "bhushan",          "method" => "main",        "@version" => "1",            "type" => "pace",           "geoip" => {                       "ip" => "14.x.x.x",            "country_code2" => "in",            "country_code3" => "ind",             "country_name" => "india",           "continent_code" => "as",              "region_name" => "16",                "city_name" => "mumbai",                 "latitude" => 18.974999999999994,                "longitude" => 72.82579999999999,                 "timezone" => "asia/calcutta",         "real_region_name" => "maharashtra",                 "location" => [             [0] 72.82579999999999,             [1] 18.974999999999994         ],              "coordinates" => [             [0] "72.82579999999999",             [1] "18.974999999999994"         ]     } }

i thought problem same this, did mention in link deleting old index , restarting of ls , es no luck. appreciated.

your logstash filter storing coordinates in field geoip.coordinates, in elasticsearch-template.json mapping field called geoip.location. shows in sample log record can see 2 fields location , coordinates in geoip sub-object.

i think if change in logstash filter, might good:

from this

add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]

to this

add_field => [ "[geoip][location]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][location]", "%{[geoip][latitude]}" ]

updates

  1. the 2 add_field directives in geoip filter can removed unnecessary
  2. "path": "full" can removed it's been deprecated since es v1.0
  3. the template name should pace instead of bushan, i.e. name of index log records stored.

Comments

Post a Comment

Popular posts from this blog

Email notification in google apps script -

https://support.google.com/docs/answer/91588?hl=en i have sheet the cells filled in data pulled via apps script, website. pull in exact same data, not. on old sheets version use able emails when data "changes" different value. new sheets, email when new data pasted cells, though exact same data......and, can't set @ ranges anymore, entire document. there easy way watch cells when data changes, , email myself? this looks lot you're trying do. for checking whether value has changed after edit, this gives necessary information it. hence, know whether new value same 1 or not. implementing "workaround" talked in second link, able compare , send email myself if value changed. initiate onedit trigger goes off onedit function uses these lines after checks in place have passed. var email = "xyz@whatever.com"; mailapp.sendemail(email, "triggermail", "a change has occurred in sheet"); note: sends "notification...
Read more

c++ - Difference between pre and post decrement in recursive function argument -

i have following sample code used pre-decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(--c); cout << c << endl; return; } } this function give output input 4 : dp3 dp2 dp1 dp0 0 1 2 3 but when use post decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(c--); cout << c << endl; return; } } output goes in infinite loop dp4 can explain me in detail why happens ? this happens because function(c--) called same value of c , when finishes c decremented. recursively called, hence called same value no chance of return , hit stack overflow error. assume this, int x = 1, y = 0; y = x++ result y == 1 , x == 2. if y = ++x , bot x , y 2.
Read more

javascript - IE11 incompatibility with jQuery's 'readonly'? -

the code i'm running has no issues in firefox, or chrome. user typing 1 textbox, tabs next , can continue typing that. when run webpage on ie11, user tabs next textbox , can't type in. textbox has double-clicked before user can insert anything. i've googled , seems ie give problems when using older jquery (i.e. prefers 'prop' 'attr' ). in code below jquery's readonly keyword being used in way ie11 no longer recognise/accept? i assume issue readonly , removeclass('ignore') working expected. //when focus on textbox 1 $("#field1").focus(function() { //remove readonly property textbox 1 $('#field1').prop('readonly', false).removeclass('ignore'); //add readonly property other textboxes $('#field2, #field3, #field4') .prop('readonly', 'readonly').addclass('ignore').val(''); }); i'm using jquery 2.1.3 ...
Read more