我们正在尝试在 ELK 6.3 版本中使用 .conf 文件和 .json（模板文件）将数据推送到 Elasticsearch。最初，我们使用模板文件成功地将数据推送到 ELK 4.x 版本，并且能够在地图上渲染出坐标点。但是在新版本中，无论是否使用模板文件，lat 和 lon 在 Kibana 中都只被视为数字。

我们应该如何推送 lat、lon，才能使其成为 geo_point 类型？我们正在尝试使用 Logstash 配置文件来推送数据。

这是我们的.conf文件:

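# Logstash pipeline: read rows from a CSV file, build a [location] object from
# the lat/lon columns, and index the events into Elasticsearch.
input {
  file {
    path => "/home/ubuntu/file.csv"
    # Only takes effect the first time Logstash sees this file; later runs
    # resume from the position recorded in the sincedb.
    start_position => "beginning"
  }
}

filter {
  csv {
    separator => ","
    # Names are assigned to the CSV fields by position, so the order here must
    # match the column order in the file.
    columns => [
      "CASCADE",
      "Accessibility",
      "Sustainability",
      "CONNECTION_FAIL_per",
      "RRC_CONNECTION_ATTEMPT",
      "eCSFB_to_CDMA1XRTT_Exe_Succ_Count",
      "eCSFB_Preparation_Success_Rate",
      "eCSFB_Overall_Success_Rate",
      "CSFB_Attempts",
      "Total_PUCCH_PRB_UL_per",
      "lat",
      "lon"
    ]
  }

  # Keep convert and rename in separate mutate blocks: inside a single mutate
  # the plugin applies rename before convert, so a merged block would try to
  # convert "lat"/"lon" after they had already been moved.
  mutate { convert => { "lat" => "float" } }
  mutate { convert => { "lon" => "float" } }

  # Nest the coordinates under [location] so the field has the lat/lon object
  # shape that a geo_point mapping accepts.
  mutate { rename => { "lat" => "[location][lat]" } }
  mutate { rename => { "lon" => "[location][lon]" } }
}

output {
  elasticsearch {
    # NOTE(review): [location] only becomes a geo_point if this template is
    # accepted by the target Elasticsearch version AND is in place before the
    # index is created. Index templates are applied at index creation, so an
    # already existing "new" index keeps whatever mapping it has. The new.json
    # shown with this config uses pre-5.x mapping constructs ("string" type,
    # "_all", "omit_norms") that 6.x likely rejects; if the template install
    # fails, lat/lon are mapped dynamically as plain numbers. Check the
    # Logstash log for template errors.
    template => "/usr/share/elasticsearch/new.json"
    # template_name is not set, so the plugin's default template name is used
    # and any template already stored under that name is replaced at startup.
    template_overwrite => true
    # Plain, unauthenticated connection to a node on the same host. If the
    # cluster is reachable from other machines, enable authentication and TLS
    # on Elasticsearch and set the plugin's user/password/ssl/cacert options.
    hosts => "localhost:9200"
    index => "new"
    workers => 1
  }
  # Echoes every event to Logstash's standard output; useful while debugging,
  # but it copies all indexed data into whatever captures that output.
  stdout {}
}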

template file : new.json

{
  "template" : "new",
  "settings" : {
    "index.refresh_interval" : "5s"
  },
  "mappings" : {
    "_default_" : {
      "_all" : {"enabled" : true, "omit_norms" : true},
      "dynamic_templates" : \[ {
        "message_field" : {
          "match" : "message",
          "match_mapping_type" : "string",
          "mapping" : {
            "type" : "string", "index" : "analyzed", "omit_norms" : true,
            "fielddata" : { "format" : "disabled" }
          }
        }
      }, {
        "string_fields" : {
          "match" : "*",
          "match_mapping_type" : "string",
          "mapping" : {
            "type" : "string", "index" : "analyzed", "omit_norms" : true,
            "fielddata" : { "format" : "disabled" },
            "fields" : {
              "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
            }
          }
        }
      } \],
     "properties" : {
        "@timestamp": { "type": "date" },
        "@version": { "type": "string", "index": "not_analyzed" },
        "geoip"  : {
          "dynamic": true,
          "properties" : {
            "ip": { "type": "ip" },
            "location" : { "type" : "geo_point" },
            "lat" : { "type" : "float" },
            "lon" : { "type" : "float" }
          }
        },
  "location" : { "type": "geo_point" }
      }
    }
  }
}]

请告诉我们如何将其转换为 geo_point。