我正在运行Elasticsearch 1.5.2版。 Logstash版本1.5.4。
大多数logstash设置都是默认设置:
geoip {
source => "ipaddress"
}
output {
elasticsearch {
host => "127.0.0.1"
port => 9200
protocol => http
user => searchguard
password => somepassword
}
在Kibana,当我尝试设置平铺地图时,我看到了这个错误:
"没有兼容字段:" [logstash-] YYYY.MM.DD" index pattern不包含以下任何字段类型:geo_point"
我查看了地图" http://localhost:9200/logstash-2015.09.15?pretty"和geoip.location映射为double而不是geo_point。
有关如何正确映射此内容的任何建议吗?
更多信息:
curl -XGET localhost:9200 / logstash-2015.09.15 / _mapping
{
"logstash-2015.09.15": {
"mappings": {
"logs": {
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "string"
},
"csbytes": {
"type": "long"
},
"geoip": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "string"
},
"continent_code": {
"type": "string"
},
"country_code2": {
"type": "string"
},
"country_code3": {
"type": "string"
},
"country_name": {
"type": "string"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "string"
},
"latitude": {
"type": "double"
},
"location": {
"type": "double"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "string"
},
"real_region_name": {
"type": "string"
},
"region_name": {
"type": "string"
},
"timezone": {
"type": "string"
}
}
},
"ipaddress": {
"type": "string"
},
"log_timestamp": {
"type": "string"
},
"message": {
"type": "string"
},
"method": {
"type": "string"
},
"referer": {
"type": "string"
},
"scbytes": {
"type": "long"
},
"scstatus": {
"type": "long"
},
"tags": {
"type": "string"
},
"timetaken": {
"type": "long"
},
"useragent": {
"type": "string"
},
"username": {
"type": "string"
}
}
}
}
}
}
curl -XGET localhost:9200 / _template / logstash
这是空的{}
我正在使用默认值。我没有编辑默认模板。