堆栈内存溢出
  简体   繁体   English

CSV地理数据使用logstash作为geo_point类型进入elasticsearch

[英]CSV geodata into elasticsearch as a geo_point type using logstash

 原文  2016-03-07 12:59:35       elasticsearch/ logstash

问题描述

Below is a reproducible example of the problem I am having using to most recent versions of logstash and elasticsearch. 下面是我用于最新版本的logstash和elasticsearch的问题的可重现示例。

I am using logstash to input geospatial data from a csv into elasticsearch as geo_points. 我使用logstash将地理空间数据从csv输入到elasticsearch作为geo_points。

The CSV looks like the following: CSV如下所示: 

$ head simple_base_map.csv 
"lon","lat"
-1.7841,50.7408
-1.7841,50.7408
-1.78411,50.7408
-1.78412,50.7408
-1.78413,50.7408
-1.78414,50.7408
-1.78415,50.7408
-1.78416,50.7408
-1.78416,50.7408

I have create a mapping template that looks like the following: 我创建了一个如下所示的映射模板: 

$ cat simple_base_map_template.json 
{
  "template": "base_map_template",
  "order":    1,
  "settings": {
    "number_of_shards": 1
  },

      "mappings": {
        "node_points" : {
          "properties" : {
            "location" : { "type" : "geo_point" }
          }
        }
      }
}

and have a logstash config file that looks like the following: 并有一个logstash配置文件,如下所示: 

$ cat simple_base_map.conf 
input {
  stdin {}
}

filter {
  csv {
      columns => [
        "lon", "lat"
      ]
  }

  if [lon] == "lon" {
      drop { }
  } else {
      mutate {
          remove_field => [ "message", "host", "@timestamp", "@version"     ]
      }
       mutate {
          convert => { "lon" => "float" }
          convert => { "lat" => "float" }
          }

      mutate {
          rename => {
              "lon" => "[location][lon]"
              "lat" => "[location][lat]"
          }
      }
  }
}

output {
  stdout { codec => dots }
  elasticsearch {
      index => "base_map_simple"
      template => "simple_base_map_template.json"
      document_type => "node_points"
  }
}

I then run the following: 然后我运行以下内容: 

$cat simple_base_map.csv | logstash-2.1.3/bin/logstash -f simple_base_map.conf 
Settings: Default filter workers: 16
Logstash startup completed
....................................................................................................Logstash shutdown completed

However when looking at the index base_map_simple, it suggests the documents would not have a location: geo_point type in it...and rather it would be two doubles of lat and lon. 但是当查看索引base_map_simple时,它表明文档中没有位置:geo_point类型...而且它将是lat和lon的两个双倍。 

$ curl -XGET 'localhost:9200/base_map_simple?pretty'
{
  "base_map_simple" : {
    "aliases" : { },
    "mappings" : {
      "node_points" : {
        "properties" : {
          "location" : {
            "properties" : {
              "lat" : {
                "type" : "double"
              },
              "lon" : {
                "type" : "double"
              }
            }
          }
        }
      }
    },
    "settings" : {
      "index" : {
        "creation_date" : "1457355015883",
        "uuid" : "luWGyfB3ToKTObSrbBbcbw",
        "number_of_replicas" : "1",
        "number_of_shards" : "5",
        "version" : {
          "created" : "2020099"
        }
      }
    },
    "warmers" : { }
  }
}

How would i need to change any of the above files to ensure that it goes into elastic search as a geo_point type? 我如何更改上述任何文件以确保它作为geo_point类型进入弹性搜索?

Finally, I would like to be able to carry out a nearest neighbour search on the geo_points by using a command such as the following: 最后,我希望能够使用如下命令在geo_points上执行最近邻搜索: 

curl -XGET 'localhost:9200/base_map_simple/_search?pretty' -d'
{
    "size": 1,
    "sort": {
   "_geo_distance" : {
       "location" : {
            "lat" : 50,
            "lon" : -1
        },
        "order" : "asc",
        "unit": "m"
   } 
    }
}'

Thanks 谢谢

1 个解决方案

解决方案1
 3 已采纳  2016-03-09 14:36:17

The problem is that in your elasticsearch output you named the index base_map_simple while in your template the template property is base_map_template , hence the template is not being applied when creating the new index. 问题是,在elasticsearch输出中,您将索引命名为base_map_simple而在模板中, template属性为base_map_template ,因此在创建新索引时不会应用模板。 The template property needs to somehow match the name of the index being created in order for the template to kick in. template属性需要以某种方式匹配正在创建的索引的名称,以便模板启动。

It will work if you simply change the latter to base_map_* , ie as in: 如果您只是将后者更改为base_map_*base_map_* ,即如下所示: 

{
  "template": "base_map_*",             <--- change this
  "order": 1,
  "settings": {
    "index.number_of_shards": 1
  },
  "mappings": {
    "node_points": {
      "properties": {
        "location": {
          "type": "geo_point"
        }
      }
    }
  }
}

UPDATE UPDATE

Make sure to delete the current index as well as the template first., ie 确保首先删除当前索引以及模板 

curl -XDELETE localhost:9200/base_map_simple
curl -XDELETE localhost:9200/_template/logstash

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 logstash和elasticsearch geo_point - logstash and elasticsearch geo_point 如何从logstash向elasticsearch添加geo_point类型数据? - how to add geo_point type data to elasticsearch from logstash? elasticSearch批量的geo_point类型 - geo_point type for elasticSearch bulk 无法生成 geo_point 数据类型为 Logstash 的 geo_point 字段 - Not Able to generate geo_point field with geo_point data type Logstash elasticsearch river插件在索引时未创建geo_point类型 - elasticsearch river plugin is not creating geo_point type while indexing Elasticsearch geo_point 映射类型在第一次保存时被覆盖 - Elasticsearch geo_point mapping type overwritten on first save 如何修改或添加来自 logstash 的 json 字段以在 ElasticSearch 和 Kibana 中使用 geo_point - How to modify or add a json field from logstash to work with geo_point in ElasticSearch and Kibana Logstash/Elasticsearch 保持自动映射 geoip 到 object 而不是 geo_point - Logstash/Elasticsearch keep auto-mapping geoip to object instead of geo_point Elasticsearch响应中缺少geo_point字段 - Missing geo_point fields in elasticsearch response Elasticsearch术语查询按geo_point分组 - Elasticsearch term query grouped by geo_point
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM