Skip to content
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

*_geolocation using type:"geo_point" #7

Closed
shanipribadi opened this issue Apr 1, 2016 · 9 comments
Closed

*_geolocation using type:"geo_point" #7

shanipribadi opened this issue Apr 1, 2016 · 9 comments
Labels
feature triaged

Comments

@shanipribadi
Copy link

Hello,
I was trying out graylog2 map widget and trying to compare it with kibana map visualization. I tried to visualize the *_geolocation fields in kibana but apparently the type mapping is string, so it cannot be visualized in kibana. So I added

{
            "geolocation": {
              "mapping": {
                "type": "geo_point"
              },
              "match": "*_geolocation"
            }
},

to _template/graylog-internal mapping.
After that all graylong geoip resolver fields are mapped as geo_point and can be visualized in kibana.

But this apparently makes it impossible to visualize the same field in graylog map widget, returning

Could not load map information
Loading map information failed: cannot POST http://127.0.0.1:12900/plugins/org.graylog.plugins.map/mapdata (500)

What is the preferred way to do this?

Thank you
@kroepke
Copy link
Member

kroepke commented Apr 21, 2016

Graylog currently doesn't support the geo_point mapping type, correct.
If you want to use both, you could use a copy_to mapping parameter in a custom index template to create a second field for use with kibana:
https://www.elastic.co/guide/en/elasticsearch/reference/current/copy-to.html

@Nyanyah
Copy link

Nyanyah commented Sep 15, 2016
edited
Loading

I am interested in visualizing the geolocation fields in kibana only. May I ask where you added that part in the template please ?
Also, doesn't the graylog internal template ovewrite your change after you create a new index ?

@joschi joschi added the feature label Sep 29, 2016
@joschi joschi mentioned this issue Sep 30, 2016
Closed
@matthgyver
Copy link

I've read documentation about custom index mapping but I can't add custom mapping to "convert" string field as geo_point.
What is the JSON qury to do that please ?

@joschi
Copy link
Contributor

joschi commented Sep 30, 2016

@matthgyver That's not possible. See @kroepke's comment for a link to the Elasticsearch documentation and the copy_to mapping type.

@matthgyver
Copy link

@joschi I'll take a look. I've think that it was possible because shanipribadi say that he have do that in the first message of this issue

@matthgyver
Copy link

I'm triyng copy_to but I think that I'm too noob sorry ...
Is it possible to copy all data from field name are "*_geolocation" to a unique field ?
Have you an example of json query to do that as custom mapping please ?

@joschi
Copy link
Contributor

joschi commented Oct 4, 2016

@matthgyver We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our public mailing list or join the #graylog channel on freenode IRC.

Thank you!

@matthgyver
Copy link

@joschi OK sorry.

@jalogisch
Copy link

as this is dup of Graylog2/graylog2-server#2113 this will be closed

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@joschi @kroepke @jalogisch @shanipribadi @matthgyver @Nyanyah