elasticsearch 使用kibi在平铺地图中显示位置点

我正在使用logstash2.3.1、elasticsearch 2.3.1和kibi0.3.2。我在使用kibi可视化地图中的位置时遇到问题

我在logstash中有以下配置：

input {  
    file {
        path => "/opt/logstash-2.3.1/logTest/Dades.csv"
        type => "Dades"
        start_position => "beginning"
    }
}

filter {  
    csv {
        columns => ["c1", "c2", "c3", "c4", "c5", "c6", "c7", "c8", "c9", "c10", "c11", "c12", "c13", "c14", "c15", "c16", "c17", "c18", "c19", "c20", "c21", "c22", "c23"]
        separator => ";"
    }

ruby {
        code => "
                temp = event['c17']
        event['c17'] = temp[0..1].to_f+ (temp[2..8].to_f/60)
        temp = event['c19']
        event['c19'] = temp[0..2].to_f+ (temp[3..8].to_f/60)

        "
    }

        mutate {
            convert => { 
            "c3" => "float"
            "c5" => "float"
            "c7" => "float"
            "c9" => "float"
            "c11" => "float"
            "c13" => "float"
            "c15" => "float"
            "c21" => "float"
            "c23" => "float"
        }

    }

    date { 
        match => [ "c1", "dd/MM/YYYY HH:mm:ss.SSS", "ISO8601"]
            target => "ts_date"
    }


    mutate {
            rename => [ "c17", "[location][lat]", 
            "c19", "[location][lon]" ]
    }
}


output {
    elasticsearch { 
        hosts => localhost
        index => "tram3"
        manage_template => false
        template => "tram3_template.json"
        template_name => "tram3"
         template_overwrite => "true"
    }
    stdout {
        codec => rubydebug
    }
}

映射配置文件（tram3_template.json）如下所示：

{
  "template": "tram3",
  "order":    1,
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "tram3": {
      "_all": {
        "enabled": false
      },
      "properties": {
          "location": {
            "type": "geo_point"
        }
      }
    }
  }
}

{
       "message" => "26/02/2016 00:00:22.984;Total;4231.143555;Trac1;26.547932;Trac2;-338.939697;AA1;-364.611511;AA2;3968.135010;Reo1;0.000000;Reo2;0.000000;Latitud;4125.1846;Longitud;00213.5219;Speed;0.000000;CVS;3873.429443;\r",
      "@version" => "1",
    "@timestamp" => "2016-04-25T14:02:52.901Z",
          "path" => "/opt/logstash-2.3.1/logTest/Dades.csv",
          "host" => "ubuntu",
          "type" => "Dades",
            "c1" => "26/02/2016 00:00:22.984",
            "c2" => "Total",
            "c3" => 4231.143555,
            "c4" => "Trac1",
            "c5" => 26.547932,
            "c6" => "Trac2",
            "c7" => -338.939697,
            "c8" => "AA1",
            "c9" => -364.611511,
           "c10" => "AA2",
           "c11" => 3968.13501,
           "c12" => "Reo1",
           "c13" => 0.0,
           "c14" => "Reo2",
           "c15" => 0.0,
           "c16" => "Latitud",
           "c18" => "Longitud",
           "c20" => "Speed",
           "c21" => 0.0,
           "c22" => "CVS",
           "c23" => 3873.429443,
      "column24" => nil,
       "ts_date" => "2016-02-25T23:00:22.984Z",
      "location" => {
        "lat" => 41.41974333333334,
        "lon" => 2.22535
    }
}

当我将de csv文件导入elasticsearch时，似乎一切正常。输出如下所示：

{
  "template": "tram3",
  "order":    1,
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "tram3": {
      "_all": {
        "enabled": false
      },
      "properties": {
          "location": {
            "type": "geo_point"
        }
      }
    }
  }
}

{
       "message" => "26/02/2016 00:00:22.984;Total;4231.143555;Trac1;26.547932;Trac2;-338.939697;AA1;-364.611511;AA2;3968.135010;Reo1;0.000000;Reo2;0.000000;Latitud;4125.1846;Longitud;00213.5219;Speed;0.000000;CVS;3873.429443;\r",
      "@version" => "1",
    "@timestamp" => "2016-04-25T14:02:52.901Z",
          "path" => "/opt/logstash-2.3.1/logTest/Dades.csv",
          "host" => "ubuntu",
          "type" => "Dades",
            "c1" => "26/02/2016 00:00:22.984",
            "c2" => "Total",
            "c3" => 4231.143555,
            "c4" => "Trac1",
            "c5" => 26.547932,
            "c6" => "Trac2",
            "c7" => -338.939697,
            "c8" => "AA1",
            "c9" => -364.611511,
           "c10" => "AA2",
           "c11" => 3968.13501,
           "c12" => "Reo1",
           "c13" => 0.0,
           "c14" => "Reo2",
           "c15" => 0.0,
           "c16" => "Latitud",
           "c18" => "Longitud",
           "c20" => "Speed",
           "c21" => 0.0,
           "c22" => "CVS",
           "c23" => 3873.429443,
      "column24" => nil,
       "ts_date" => "2016-02-25T23:00:22.984Z",
      "location" => {
        "lat" => 41.41974333333334,
        "lon" => 2.22535
    }
}

但当我尝试在地图中可视化位置参数时，它不会显示任何结果：

---

我不知道我做错了什么。为什么位置点没有出现在地图中？

在ES映射文件中，您可能需要启用

geohash

子字段的存储（默认为false），因为没有它geohash聚合无法工作

{
  "template": "tram3",
  "order":    1,
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "tram3": {
      "_all": {
        "enabled": false
      },
      "properties": {
          "location": {
            "type": "geo_point",
            "geohash": true,           <-- add this
            "geohash_prefix": true     <-- add this
        }
      }
    }
  }
}

您的

elasticsearch

输出应该如下所示，即，

manage\u template

应该为true，并使用指向

dades2\u template.json的完整路径（确保使用实际路径名将
/full/path/to
更改为

elasticsearch { 
    hosts => localhost
    index => "dades2"
    manage_template => true
    template => "/full/path/to/dades2_template.json"
    template_name => "dades2"
    template_overwrite => "true"
}

新的

dades2_template.json

文件应该如下所示

{
  "template": "dades2",
  "order":    1,
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "dades2": {
      "_all": {
        "enabled": false
      },
      "properties": {
          "location": {
            "type": "geo_point",
            "geohash": true,
            "geohash_prefix": true
        }
      }
    }
  }
}

---

感谢您的回复！我已在地图文件中添加了

“geohash”：true

和

“geohash\u prefix”：true

，并且地图中不显示地质点：（您是否删除了索引并从头开始重新创建它+重新索引了您的数据？是的，我已使用不同的名称和新的映射文件创建了一个新索引。您是否在Kibana聚合中选择了

location.geohash

字段？在存储桶中，我选择了

geohash

Agregation和

location

字段