- elasticsearch/
elasticsearch 使用麋鹿堆栈绘制平铺贴图
elasticsearch 使用麋鹿堆栈绘制平铺贴图
我正在尝试用Kibana创建一个平铺贴图。我的conf文件logstash工作正常,并生成Kibana绘制平铺图所需的所有内容。这是我的档案:
input {
file {
path => "/home/ec2-user/part.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => ["kilo_bytes_total","ip","session_number","request_number_total","duration_minutes_total","referer_list","filter_match_count_avg","request_number_avg","duration_minutes_avg","kilo_bytes_avg","segment_duration_avg","req_by_minute_avg","segment_mix_rank_avg","offset_avg_avg","offset_std_avg","extrem_interval_count_avg","pf0_avg","pf1_avg","pf2_avg","pf3_avg","pf4_avg","code_0_avg","code_1_avg","code_2_avg","code_3_avg","code_4_avg","code_5_avg","volume_classification_filter_avg","code_classification_filter_avg","profiles_classification_filter_avg","strange_classification_filter_avg"]
}
geoip {
source => "ip"
database => "/home/ec2-user/logstash-5.2.0/GeoLite2-City.mmdb"
target => "geoip"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
add_tag => "geoip"
}
mutate {
convert => [ "[geoip][coordinates]", "float"]
}
}
output {
elasticsearch {
index => "geotrafficip"
}
}
有人能给我一些反馈吗?谢谢 如果您在Kibana设置中查找索引,则至少需要一个字段显示一种地理点类型,才能在地图上获取任何内容 如果您还没有geo_point字段,则需要在为geoip.coordinates字段设置适当的映射后重新索引数据。例如: 如果您使用的是相对较新版本的Elasticsearch 2.3或更高版本,则重新索引数据相对容易。您需要创建具有正确映射的新索引,使用重新索引API将数据复制到新索引,删除原始索引,然后重新索引回原始名称。您使用的geoip筛选器错误,正在尝试将经度和纬度转换为浮动。去掉你的变异过滤器,把geoip过滤器改成这个
geoip {
source => "ip"
fields => ["latitude","longitude"]
add_tag => "geoip"
}