Good afternoon,
I have been trying to force a field to be a geo_point, but the field resides inside another field within the document. I am using Elasticsearch 1.7 and working on getting all of the fields to match so I can upgrade to 2.3.1. Example of the current dynamically created mapping:
{
"index-2016.01.01" : {
"mappings" : {
"document" : {
"properties" : {
"geoip" : {
"properties" : {
"location" : {
"type" : "double"
}
}
}
}
}
}
}
}
Now I have several documents that have the exact same structure, and I would like to add this field to my default mapping so that it gets mapped as a geo_point for each new index. So far I have not been able to get this to work; it just keeps coming in as a double. Below is my current default-mapping.json:
{
"_default_" : {
"properties" : {
"level" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"line" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"geoip" : {
"properties" : {
"location" : {
"type" : "geo_point"
}
}
}
}
}
}
Any help would be greatly appreciated. I have tried simplifying it down to just the location:type:geo_point, I have tried removing other steps in-between to no avail.
Here is an example of a document:
{
"_index": "logstash-2016.04.14",
"_type": "nginx-access",
"_id": "AVQV6PXtpRWl9K_VbKfj",
"_score": null,
"_source": {
"message": "172.16.120.108 - - [14/Apr/2016:12:54:24 -0500] \"GET /center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142 HTTP/1.1\" 200 119 \"https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\" 0.239 \"lwhwms-dev7.corp.good-sam.com\"",
"clientip": "172.16.120.108",
"ident": "-",
"auth": "-",
"verb": "GET",
"request": "/center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142",
"httpversion": "1.1",
"response": "200",
"bytes": 119,
"referer": "https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4",
"agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
"response_time": 0.239,
"server_name": "lwhwms-dev7.corp.good-sam.com",
"env": "dev7",
"host": "moses-web1-dev",
"type": "nginx-access",
"source": "/var/log/nginx/lwhwms-access.log",
"timestamp": "2016-04-14T12:54:24.000-0500",
"parsestamp": "2016-04-14T12:54:27.965-0500",
"application": "lwhwms",
"@version": "1",
"@timestamp": "2016-04-14T17:54:24.000Z",
"geoip": {
"ip": "172.16.120.108",
"country_code2": "US",
"country_code3": "USA",
"country_name": "United States",
"continent_code": "NA",
"city_name": "0010 - National Campus",
"postal_code": "57117",
"latitude": 43.50120000000001,
"longitude": -96.786,
"dma_code": 0,
"area_code": 0,
"location": [
-96.786,
43.50120000000001
]
},
"ua": {
"name": "Chrome",
"os": "Windows 7",
"os_name": "Windows 7",
"device": "Other",
"major": "49",
"minor": "0",
"patch": "2623"
},
"referrer": null
},
"sort": [
1460656464000,
1460656464000
]
}
Thank you in advance for any help.
Here is what my final answer ended up looking like. Again thank you to everyone that responded and I hope this will help some other newbies to the ELK world.
{
"template_1" : {
"template" : "*",
"mappings" : {
"_default_" : {
"dynamic_templates" : [
{
"geoip-location" : {
"path_match" : "geoip.location",
"mapping" : {
"type" : "geo_point"
}
}
},
{
"geoip-ip" : {
"path_match" : "geoip.ip",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"level-string" : {
"match" : "level",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"line-string" : {
"match" : "line",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
}
]
}
}
}
}
Can you use a dynamic template?
{
"mappings":{
"_default_":{
"dynamic_templates":[
{
"geoip":{
"path_match":"geoip.location",
"mapping":{
"type":"geo_point"
}
}
}
]
}
}
}
You can change _default_ to the name of your index.