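I've been ingesting documents and have a field called location. I've been trying to set it as a geo_point, but it keeps showing "[T]" next to the field name, which I take to mean text, even though it's a float array representing [lat, lon].
In my Kibana instance, I went into the template management for the index and tried to create a new property for that location attribute in the Mappings section, setting it to geo_point. After that, I deleted the index so that it would be repopulated. When I look at the index's mapping, I see: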
{
  "mappings": {
    "_doc": {
      "dynamic": "true",
      "_source": {
        "includes": [
          "*"
        ],
        "excludes": []
      },
      "dynamic_date_formats": [
        "strict_date_optional_time",
        "yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z",
        "yyyymmdd'T'HH:mm"
      ],
      "date_detection": true,
      "numeric_detection": false,
      "properties": {
        "@timestamp": {
          "type": "date",
          "ignore_malformed": false
        },
        "@version": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "bustime-response": {
          "properties": {
            "error": {
              "properties": {
                "msg": {
                  "type": "text",
                  "fields": {
                    "keyword": {
                      "type": "keyword",
                      "ignore_above": 256
                    }
                  }
                },
                "rt": {
                  "type": "text",
                  "fields": {
                    "keyword": {
                      "type": "keyword",
                      "ignore_above": 256
                    }
                  }
                }
              }
            },
            "vehicle": {
              "type": "object"
            }
          }
        },
        "des": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "dly": {
          "type": "boolean"
        },
        "hdg": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "lat": {
          "type": "float"
        },
        "location": {
          "type": "geo_point"
        },
        "location-map": {
          "type": "geo_point"
        },
        "lon": {
          "type": "float"
        },
        "mode": {
          "type": "long"
        },
        "origtatripno": {
          "type": "long"
        },
        "pdist": {
          "type": "long"
        },
        "pid": {
          "type": "long"
        },
        "psgld": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "rt": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "rtpidatafeed": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "spd": {
          "type": "long"
        },
        "tablockid": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "tatripid": {
          "type": "long"
        },
        "tmstmp": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        },
        "vid": {
          "type": "long"
        },
        "zone": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 256
            }
          }
        }
      }
    }
  }
}
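As you can see above, it shows the objects and types, but when I ingest the information it doesn't seem to pick it up or record it as geospatial data. Below is the index template I have, which was mostly created from Kibana: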
PUT _index_template/transit-template
{
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "logstash-policy",
          "rollover_alias": "logstash"
        },
        "number_of_shards": "1",
        "refresh_interval": "5s"
      }
    },
    "mappings": {
      "_routing": {
        "required": false
      },
      "numeric_detection": false,
      "dynamic_date_formats": [
        "strict_date_optional_time",
        "yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z",
        "yyyymmdd'T'HH:mm"
      ],
      "dynamic": true,
      "_source": {
        "excludes": [],
        "includes": [
          "*"
        ],
        "enabled": true
      },
      "date_detection": true,
      "properties": {
        "location-map": {
          "type": "geo_point"
        },
        "@timestamp": {
          "index": true,
          "ignore_malformed": false,
          "store": false,
          "type": "date",
          "doc_values": true
        },
        "location": {
          "type": "geo_point"
        }
      }
    }
  },
  "index_patterns": [
    "transit-*"
  ],
  "composed_of": []
}
In case something is wrong with my Logstash configuration file, I'm attaching it in case I'm somehow ingesting incorrectly.
input {
  http_poller {
    urls => {
      url1 => ""
    }
    schedule => {
      every => "2m"
    }
    codec => "json"
  }
}
filter {
  split {
    field => "[bustime-response][vehicle]"
  }
  mutate {
    rename => {
      "[bustime-response][vehicle][vid]" => "vid"
      "[bustime-response][vehicle][rtpidatafeed]" => "rtpidatafeed"
      "[bustime-response][vehicle][tmstmp]" => "tmstmp"
      "[bustime-response][vehicle][lat]" => "lat"
      "[bustime-response][vehicle][lon]" => "lon"
      "[bustime-response][vehicle][hdg]" => "hdg"
      "[bustime-response][vehicle][pid]" => "pid"
      "[bustime-response][vehicle][rt]" => "rt"
      "[bustime-response][vehicle][des]" => "des"
      "[bustime-response][vehicle][pdist]" => "pdist"
      "[bustime-response][vehicle][dly]" => "dly"
      "[bustime-response][vehicle][spd]" => "spd"
      "[bustime-response][vehicle][tatripid]" => "tatripid"
      "[bustime-response][vehicle][origtatripno]" => "origtatripno"
      "[bustime-response][vehicle][tablockid]" => "tablockid"
      "[bustime-response][vehicle][zone]" => "zone"
      "[bustime-response][vehicle][mode]" => "mode"
      "[bustime-response][vehicle][psgld]" => "psgld"
    }
  }
  mutate {
    add_field => { "location" => ["%{[lat]}","%{[lon]}"] }
    add_field => { "[location-map][lat]" => "%{lat}" }
    add_field => { "[location-map][lon]" => "%{lon}" }
  }
  mutate {
    convert => {
      "location" => "float"
      "[location-map][lat]" => "float"
      "[location-map][lon]" => "float"
      "pid" => "integer"
      "pdist" => "integer"
      "spd" => "integer"
      "tatripid" => "integer"
      "vid" => "integer"
      "lat" => "float"
      "lon" => "float"
      "origtatripno" => "integer"
    }
  }
}
output {
  elasticsearch {
    hosts => [ "${ES_HOSTS}" ]
    user => "${ES_USER}"
    password => "${ES_PASSWORD}"
    cacert => '/etc/logstash/certificates/ca.crt'
    index => "transit-%{+YYYY.MM.dd}"
  }
}
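Best answer
After making sure all of this is ingested correctly, you need to go and manage the index and then refresh it. That way, all the geospatial data will be applied from your template.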
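The mapping on this page types `location` and `location-map` as geo_point, and the question's Logstash filter fills `location` with a two-element array. The check below is an added example, not code from the question or the answer: it reads each geo field the way geo_point does (the array form is [lon, lat]) and compares the result with the event's own `lat` and `lon`. The sample events and the tolerance are constructed for illustration.

```python
# Added example: field names (location, location-map, lat, lon) follow the
# question's Logstash config; the sample events below are constructed.

def parse_geo_point(value):
    """Return (lat, lon) the way a geo_point field reads the value, or None."""
    try:
        if isinstance(value, dict):                      # {"lat": .., "lon": ..}
            lat, lon = float(value["lat"]), float(value["lon"])
        elif isinstance(value, (list, tuple)) and len(value) == 2:
            lon, lat = float(value[0]), float(value[1])  # array form is [lon, lat]
        elif isinstance(value, str) and "," in value:    # "lat,lon" string form
            lat, lon = (float(p) for p in value.split(","))
        else:
            return None
    except (KeyError, TypeError, ValueError):
        return None
    if -90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0:
        return lat, lon
    return None


def check_event(event, geo_fields=("location", "location-map"), tol=1e-4):
    """Compare each geo field with the event's own lat/lon; return problems."""
    problems = []
    for name in geo_fields:
        if name not in event:
            problems.append(f"{name}: missing")
            continue
        point = parse_geo_point(event[name])
        if point is None:
            problems.append(f"{name}: not a valid geo_point value")
        elif abs(point[0] - event["lat"]) > tol or abs(point[1] - event["lon"]) > tol:
            problems.append(f"{name}: read as lat={point[0]}, lon={point[1]}")
    return problems


# Constructed events: the first mirrors the config in the question, which
# builds "location" as [lat, lon]; the second uses [lon, lat].
AS_CONFIGURED = {"lat": 41.88, "lon": -87.63, "location": [41.88, -87.63],
                 "location-map": {"lat": 41.88, "lon": -87.63}}
SWAPPED_BACK = dict(AS_CONFIGURED, location=[-87.63, 41.88])

if __name__ == "__main__":
    for label, ev in (("as configured", AS_CONFIGURED), ("[lon, lat]", SWAPPED_BACK)):
        print(label, "->", check_event(ev) or "ok")
```

A swapped array can still fall inside the valid latitude and longitude ranges, so it is indexed without error and only a comparison like this one shows the point in the wrong place.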
Regarding "elasticsearch - ingested data is not input correctly because my location field is not set as geo_point", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64364248/