In my case, it's ES 1.4.4, KB4 4.0.1, I use logstash-forwarder to logstash-forwarder input, rabbitmq output, geoip filter in logstash and ES river plugin, no template.
Perhaps I should've created a dedicated template but I now have 3 years' worth of index data and reindexing it will be painful.

On Wednesday, March 18, 2015 at 1:46:51 PM UTC-7, Mark Walkom wrote:
>
> That sounds really weird, I have a non-LS index with geopoints and I can
> definitely read and plot these in KB4.
>
> Are you running the latest KB4 release? What version of ES?
>
> On 18 March 2015 at 07:36, Michael <bun...@gmail.com> wrote:
>
>> Ok, seems I resolved the issue:
>>
>> In short: You have to use the default output index in logstash:
>>
>> output {
>>   elasticsearch {
>>     host => "localhost"
>>     protocol => "http"
>>   }
>> }
>>
>> in ES this results in the index logstash-YYYY.MM.DD
>>
>> Since I try to deal with syslogs, I thought it was a good idea to create
>> a dedicated index.
>>
>> output {
>>   if [type] == "syslog" {
>>     elasticsearch {
>>       host => "localhost"
>>       index => "syslog-%{+YYYY.MM.dd}"
>>       protocol => "http"
>>     }
>>   } else {
>>     elasticsearch {
>>       host => "localhost"
>>       protocol => "http"
>>     }
>>   }
>> }
>>
>> The thing is: Now the automatic mapping feature of logstash (described
>> here http://logstash.net/docs/1.4.2/filters/geoip) is not taken into
>> account.
>> So, it may be possible to manually create a mapping template (see
>> http://logstash.net/docs/1.4.2/filters/geoip ... manage_template /
>> template) in the logstash output config.
>> Or you can stick to the default output index of logstash.
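Added example, not part of the original thread: a minimal Elasticsearch 1.x index template for the syslog-* indices discussed above, mapping geoip.location as geo_point the way Logstash's bundled template does for logstash-*. How it is installed (the Elasticsearch _template API or the Logstash template option mentioned in the thread) is left to the reader, and no other fields from the bundled template are reproduced here.

```json
{
  "template": "syslog-*",
  "mappings": {
    "_default_": {
      "properties": {
        "geoip": {
          "type": "object",
          "dynamic": true,
          "properties": {
            "location": { "type": "geo_point" }
          }
        }
      }
    }
  }
}
```

Index templates are applied only when an index is created, so syslog-* indices that already exist keep the mapping they were created with.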