Logstash Filter geo_point with lat long?

Question

Part of my grok filter (working) grabs the following two fields:

%{NUMBER:XCent} %{NUMBER:YCent}

which are lat, long points.

I'm attempting to add a location pin but keep getting a config failure when I use the --debug flag on my configuration file

All of my configuration works until I get to this section.

if [XCent] and [YCent] {
    mutate {
        add_field => {
            "[location][lat]" => "%{XCent}"
            "[location][lon]" => "%{YCent}"
        }
    }
    mutate {
        convert => {
            "[location][lat]" => "float"
            "[location][lon]" => "float"
        }
    }
    mutate {
        convert => {"[location]", "geo_point"}
    }
}

My thought was that this is basically what the elastic documentation for logstash 1.4 suggested

https://www.elastic.co/guide/en/elasticsearch/reference/1.4/mapping-geo-point-type.html

Edit: found better way to apply configuration in filter, updated code.

Answer 1

The third mutate filter is invalid. convert accepts a hash as it's argument. And the valid conversions are integer, float, string, and boolean. You don't need this filter so you can just remove it.

To set the location field as a geo_point type you need to modify the Elasticsearch index template you are using for your data.