我一直在接收文档,我有一个字段叫做location。我一直试图将它设置为一个geo_点,但它一直在字段名“[t]”旁边显示,我认为它意味着文本,即使它是一个表示[lat,lon]的浮点数组。
在我的kibana示例中,我转到了索引的模板管理,并尝试在属性位置的mappings部分中创建一个新属性,并将其设置为geo\u点。。之后,我删除索引,以便它重新填充。当我查看索引的Map时,我看到:
{
"mappings": {
"_doc": {
"dynamic": "true",
"_source": {
"includes": [
"*"
],
"excludes": []
},
"dynamic_date_formats": [
"strict_date_optional_time",
"yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z",
"yyyymmdd'T'HH:mm"
],
"date_detection": true,
"numeric_detection": false,
"properties": {
"@timestamp": {
"type": "date",
"ignore_malformed": false
},
"@version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"bustime-response": {
"properties": {
"error": {
"properties": {
"msg": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"rt": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"vehicle": {
"type": "object"
}
}
},
"des": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"dly": {
"type": "boolean"
},
"hdg": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"lat": {
"type": "float"
},
"location": {
"type": "geo_point"
},
"location-map": {
"type": "geo_point"
},
"lon": {
"type": "float"
},
"mode": {
"type": "long"
},
"origtatripno": {
"type": "long"
},
"pdist": {
"type": "long"
},
"pid": {
"type": "long"
},
"psgld": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"rt": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"rtpidatafeed": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"spd": {
"type": "long"
},
"tablockid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"tatripid": {
"type": "long"
},
"tmstmp": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"vid": {
"type": "long"
},
"zone": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
您可以在上面看到,它显示了对象和类型,但当我接收信息时,它似乎没有接收,也没有将其记录为地理空间数据。
我的索引名是:transit-[日期]
我的索引模板应用于:运输-*
下面是我的索引模板,它主要是从kibana创建的
PUT _index_template/transit-template
{
"template": {
"settings": {
"index": {
"lifecycle": {
"name": "logstash-policy",
"rollover_alias": "logstash"
},
"number_of_shards": "1",
"refresh_interval": "5s"
}
},
"mappings": {
"_routing": {
"required": false
},
"numeric_detection": false,
"dynamic_date_formats": [
"strict_date_optional_time",
"yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z",
"yyyymmdd'T'HH:mm"
],
"dynamic": true,
"_source": {
"excludes": [],
"includes": [
"*"
],
"enabled": true
},
"date_detection": true,
"properties": {
"location-map": {
"type": "geo_point"
},
"@timestamp": {
"index": true,
"ignore_malformed": false,
"store": false,
"type": "date",
"doc_values": true
},
"location": {
"type": "geo_point"
}
}
}
},
"index_patterns": [
"transit-*"
],
"composed_of": []
}
如果这是一个与我的logstash配置文件的问题,我会附上,以防不知何故,我摄入不正确。
input {
http_poller {
urls => {
url1 => ""
}
schedule => {
every => "2m"
}
codec => "json"
}
}
filter {
split {
field => "[bustime-response][vehicle]"
}
mutate {
rename => {
"[bustime-response][vehicle][vid]" => "vid"
"[bustime-response][vehicle][rtpidatafeed]" => "rtpidatafeed"
"[bustime-response][vehicle][tmstmp]" => "tmstmp"
"[bustime-response][vehicle][lat]" => "lat"
"[bustime-response][vehicle][lon]" => "lon"
"[bustime-response][vehicle][hdg]" => "hdg"
"[bustime-response][vehicle][pid]" => "pid"
"[bustime-response][vehicle][rt]" => "rt"
"[bustime-response][vehicle][des]" => "des"
"[bustime-response][vehicle][pdist]" => "pdist"
"[bustime-response][vehicle][dly]" => "dly"
"[bustime-response][vehicle][spd]" => "spd"
"[bustime-response][vehicle][tatripid]" => "tatripid"
"[bustime-response][vehicle][origtatripno]" => "origtatripno"
"[bustime-response][vehicle][tablockid]" => "tablockid"
"[bustime-response][vehicle][zone]" => "zone"
"[bustime-response][vehicle][mode]" => "mode"
"[bustime-response][vehicle][psgld]" => "psgld"
}
}
mutate {
add_field => { "location" => ["%{[lat]}","%{[lon]}"] }
add_field => { "[location-map][lat]" => "%{lat}" }
add_field => { "[location-map][lon]" => "%{lon}" }
}
mutate {
convert => {
"location" => "float"
"[location-map][lat]" => "float"
"[location-map][lon]" => "float"
"pid" => "integer"
"pdist" => "integer"
"spd" => "integer"
"tatripid" => "integer"
"vid" => "integer"
"lat" => "float"
"lon" => "float"
"origtatripno" => "integer"
}
}
}
output {
elasticsearch {
hosts => [ "${ES_HOSTS}" ]
user => "${ES_USER}"
password => "${ES_PASSWORD}"
cacert => '/etc/logstash/certificates/ca.crt'
index => "transit-%{+YYYY.MM.dd}"
}
}
1条答案
按热度按时间u2nhd7ah1#
在确保所有这些都被正确接收之后,您需要管理索引,然后刷新它。因此,所有地理空间数据都将从模板中应用。