我正在运行Elasticsearch版本1.5.2 . Logstash 1.5.4版 .
大多数logstash设置都是默认设置:
geoip {
source => "ipaddress"
}
output {
elasticsearch {
host => "127.0.0.1"
port => 9200
protocol => http
user => searchguard
password => somepassword
}
在Kibana,当我尝试设置tile map时,我看到了这个错误:
“无可兼容字段:”[logstash-] YYYY.MM.DD“索引模式不包含以下任何字段类型:geo_point”
我检查了映射“http://localhost:9200/logstash-2015.09.15?pretty”,geoip.location映射为double而不是geo_point .
有任何建议如何正确映射?
更多信息:
curl -XGET localhost:9200 / logstash-2015.09.15 / _mapping
{
"logstash-2015.09.15": {
"mappings": {
"logs": {
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "string"
},
"csbytes": {
"type": "long"
},
"geoip": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "string"
},
"continent_code": {
"type": "string"
},
"country_code2": {
"type": "string"
},
"country_code3": {
"type": "string"
},
"country_name": {
"type": "string"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "string"
},
"latitude": {
"type": "double"
},
"location": {
"type": "double"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "string"
},
"real_region_name": {
"type": "string"
},
"region_name": {
"type": "string"
},
"timezone": {
"type": "string"
}
}
},
"ipaddress": {
"type": "string"
},
"log_timestamp": {
"type": "string"
},
"message": {
"type": "string"
},
"method": {
"type": "string"
},
"referer": {
"type": "string"
},
"scbytes": {
"type": "long"
},
"scstatus": {
"type": "long"
},
"tags": {
"type": "string"
},
"timetaken": {
"type": "long"
},
"useragent": {
"type": "string"
},
"username": {
"type": "string"
}
}
}
}
}
}
curl -XGET localhost:9200 / _template / logstash
这是空的{}
我正在使用默认值 . 我没有编辑默认模板 .
1 回答
看看这个geo-point data type .
geo_point的映射只能手动设置(if i am not mistaken)